|
101
|
8.8 |
HIGH
Network
|
-
|
-
|
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the…
New
|
CWE-88
Argument Injection
|
CVE-2026-47114
|
2026-05-22 06:03 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
102
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and …
New
|
CWE-862
Missing Authorization
|
CVE-2026-4843
|
2026-05-22 06:03 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
103
|
6.1 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp-casserver
simplesamlphp_casserver
|
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redire…
Update
|
CWE-601
Open Redirect
|
CVE-2025-65954
|
2026-05-22 06:01 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
104
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
firefox_focus
|
Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8945
|
2026-05-22 05:56 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
105
|
4.8 |
MEDIUM
Network
|
samba
|
rsync
|
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass host…
Update
|
CWE-289
Authentication Bypass by Alternate Name
|
CVE-2026-43617
|
2026-05-22 05:54 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
106
|
3.7 |
LOW
Network
|
samba
|
rsync
|
Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memor…
Update
|
CWE-193
Off-by-one Error
|
CVE-2026-45232
|
2026-05-22 05:52 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
107
|
5.5 |
MEDIUM
Local
|
samba
|
rsync
|
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Atta…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43620
|
2026-05-22 05:47 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
108
|
6.3 |
MEDIUM
Local
|
samba
|
rsync
|
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat …
Update
|
CWE-59
CWE-367
Link Following
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-43619
|
2026-05-22 05:42 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
109
|
8.1 |
HIGH
Network
|
samba
|
rsync
|
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigg…
Update
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2026-43618
|
2026-05-22 05:34 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
110
|
6.5 |
MEDIUM
Network
|
faraday_project
|
faraday
|
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request tar…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33637
|
2026-05-22 05:17 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
