|
431
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
Update
|
CWE-78
OS Command
|
CVE-2026-37281
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
10.0 |
CRITICAL
Network
|
-
|
-
|
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Executi…
New
|
CWE-78
CWE-284
OS Command
Improper Access Control
|
CVE-2026-34234
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
7.1 |
HIGH
Network
|
-
|
-
|
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mas…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32741
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object funct…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31072
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
9.8 |
CRITICAL
Network
|
nvidia
|
triton_inference_server
|
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution,…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-24214
|
2026-05-21 02:13 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34649
|
2026-05-21 02:13 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34650
|
2026-05-21 02:13 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34651
|
2026-05-21 02:13 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result i…
Update
|
NVD-CWE-Other
|
CVE-2026-34652
|
2026-05-21 02:12 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
6.8 |
MEDIUM
Physics
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coor…
New
|
CWE-77
Command Injection
|
CVE-2026-45585
|
2026-05-21 01:42 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
