|
2231
|
7.5 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
Ulrich reports a regression with nfqueue:
If an appl…
|
-
|
CVE-2026-45859
|
2026-05-30 20:17 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2232
|
7.1 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send
ib_uverbs_post_send() uses cmd.wqe_size from userspace with…
|
-
|
CVE-2026-45856
|
2026-05-30 20:17 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2233
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix double free in rxe_srq_from_init
In rxe_srq_from_init(), the queue pointer 'q' is assigned to
'srq->rq.queue' befor…
|
-
|
CVE-2026-45852
|
2026-05-30 20:17 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2234
|
8.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: propagate shared-frag marker through frag-transfer helpers
Two frag-transfer helpers (__pskb_copy_fclone() and skb_s…
|
-
|
CVE-2026-43503
|
2026-05-30 20:17 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2235
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-con…
|
CWE-77
CWE-88
Command Injection
Argument Injection
|
CVE-2026-48116
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2236
|
9.6 |
CRITICAL
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell defaults to true (config.rs:14…
|
CWE-94
Code Injection
|
CVE-2026-45374
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2237
|
7.4 |
HIGH
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as htt…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45373
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2238
|
- |
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScrip…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45343
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2239
|
7.4 |
HIGH
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.22, the fetch_url tool validates the initial URL's resolved IP address against a restricted-IP blocklist (is_restricted_ip()) to …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45310
|
2026-05-30 13:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2240
|
8.1 |
HIGH
Network
|
-
|
-
|
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing se…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-46402
|
2026-05-30 11:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
