| 281 | 7.5 | HIGH | Network | fleetdm | fleet | Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien… | New | CWE-290 Authentication Bypass by Spoofing | CVE-2026-46356 | 2026-05-19 00:27 | 2026-05-15 |
| 282 | 6.5 | MEDIUM | Network | webpack.js | webpack-dev-server | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r… | Update | CWE-749 Exposed Dangerous Method or Function | CVE-2026-6402 | 2026-05-19 00:23 | 2026-05-12 |
| 283 | 5.3 | MEDIUM | Network | - | - | Summary: `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha… | New | CWE-476 NULL Pointer Dereference | CVE-2026-8723 | 2026-05-19 00:16 | 2026-05-17 |
| 284 | 8.2 | HIGH | Network | - | - | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform pro… | New | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-8657 | 2026-05-19 00:16 | 2026-05-16 |
| 285 | 6.1 | MEDIUM | Network | - | - | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an appli… | New | CWE-79 Cross-site Scripting | CVE-2026-8656 | 2026-05-19 00:16 | 2026-05-16 |
| 286 | 7.8 | HIGH | Local | amd | radeon_software cleanup_utility | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | New | CWE-427 Uncontrolled Search Path Element | CVE-2024-36333 | 2026-05-19 00:15 | 2026-05-15 |
| 287 | 8.8 | HIGH | Network | postgresql | postgresql | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if… | Update | CWE-89 SQL Injection; CWE-121 Stack-based Buffer Overflow | CVE-2026-6637 | 2026-05-19 00:05 | 2026-05-14 |
| 288 | 4.3 | MEDIUM | Network | postgresql | postgresql | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain… | Update | CWE-126 Buffer Over-read | CVE-2026-6575 | 2026-05-19 00:04 | 2026-05-14 |
| 289 | 7.5 | HIGH | Network | postgresql | postgresql | Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disable… | Update | CWE-674 Uncontrolled Recursion | CVE-2026-6479 | 2026-05-19 00:04 | 2026-05-14 |
| 290 | 6.5 | MEDIUM | Network | postgresql | postgresql | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … | Update | CWE-385 Covert Timing Channel | CVE-2026-6478 | 2026-05-19 00:03 | 2026-05-14 |