| 51 | 9.8 | CRITICAL, Network | - | - | An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based … | New | CWE-22 Path Traversal; CWE-287 Improper Authentication | CVE-2026-36829 | 2026-05-20 03:16 | 2026-05-20 |
| 52 | 7.5 | HIGH, Network | - | - | Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash ki… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-33633 | 2026-05-20 03:16 | 2026-05-20 |
| 53 | 5.9 | MEDIUM, Network | - | - | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the br… | New | CWE-476 NULL Pointer Dereference | CVE-2026-32134 | 2026-05-20 03:16 | 2026-05-20 |
| 54 | - | | - | - | In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Brake (EPB) and S… | New | - | CVE-2025-61081 | 2026-05-20 03:16 | 2026-05-20 |
| 55 | 9.8 | CRITICAL, Network | - | - | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerabi… | Update | CWE-78 OS Command | CVE-2026-31226 | 2026-05-20 03:14 | 2026-05-13 |
| 56 | 8.8 | HIGH, Local | microsoft | 365_apps office office_long_term_servicing_channel | Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | Update | CWE-1220 Insufficient Granularity of Access Control | CVE-2026-35436 | 2026-05-20 03:05 | 2026-05-13 |
| 57 | 5.5 | MEDIUM, Local | microsoft | 365_apps office office_long_term_servicing_channel word | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Update | CWE-552 Files or Directories Accessible to External Parties | CVE-2026-35440 | 2026-05-20 03:05 | 2026-05-13 |
| 58 | 8.4 | HIGH, Local | microsoft | 365_apps office office_long_term_servicing_channel | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Update | CWE-416 Use After Free | CVE-2026-40358 | 2026-05-20 03:05 | 2026-05-13 |
| 59 | 7.8 | HIGH, Local | microsoft | 365_apps excel office office_long_term_servicing_channel office_online_server | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Update | CWE-416 Use After Free | CVE-2026-40359 | 2026-05-20 03:05 | 2026-05-13 |
| 60 | 7.8 | HIGH, Local | microsoft | 365_apps excel office office_long_term_servicing_channel office_online_server | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | Update | CWE-125 Out-of-bounds Read | CVE-2026-40360 | 2026-05-20 03:05 | 2026-05-13 |