|
601
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
|
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
Update
|
CWE-416
Use After Free
|
CVE-2026-8390
|
2026-05-15 03:53 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
7.5 |
HIGH
Network
|
pgbouncer
|
pgbouncer
|
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-6664
|
2026-05-15 03:52 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
9.8 |
CRITICAL
Network
|
pgbouncer
|
pgbouncer
|
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM se…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6665
|
2026-05-15 03:52 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
7.3 |
HIGH
Network
|
apache
|
tomcat
|
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1…
Update
|
CWE-200
Information Exposure
|
CVE-2026-42498
|
2026-05-15 03:51 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
605
|
3.5 |
LOW
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control o…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7471
|
2026-05-15 03:50 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7481
|
2026-05-15 03:50 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with projec…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8144
|
2026-05-15 03:50 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause den…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8280
|
2026-05-15 03:50 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
7.5 |
HIGH
Network
|
pgbouncer
|
pgbouncer
|
A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-6666
|
2026-05-15 03:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
4.3 |
MEDIUM
Network
|
pgbouncer
|
pgbouncer
|
PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization)…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-6667
|
2026-05-15 03:49 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
