| 421 | 4.4 | MEDIUM, Local | zyxel | wre6505_firmware | ** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker … | CWE-922 Insecure Storage of Sensitive Information | CVE-2026-7257 | 2026-05-16 12:08 | 2026-05-12 |
| 422 | 7.5 | HIGH, Network | zyxel | nwa1100-n_firmware | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100… | CWE-120 Classic Buffer Overflow | CVE-2026-7287 | 2026-05-16 12:08 | 2026-05-12 |
| 423 | 6.5 | MEDIUM, Adjacent | pengutronix | barebox | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_message_type() function that fails to verify the options pointer remains within … | CWE-125 Out-of-bounds Read | CVE-2026-34960 | 2026-05-16 12:07 | 2026-05-12 |
| 424 | 9.8 | CRITICAL, Network | openclaw | openclaw | A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… | CWE-287 Improper Authentication | CVE-2026-8305 | 2026-05-16 12:06 | 2026-05-12 |
| 425 | 9.8 | CRITICAL, Network | libexpat_project | libexpat | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this… | CWE-331 Insufficient Entropy | CVE-2026-7210 | 2026-05-16 12:05 | 2026-05-12 |
| 426 | 8.1 | HIGH, Network | bitwarden | server | Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management … | CWE-303 Incorrect Implementation of Authentication Algorithm | CVE-2026-43640 | 2026-05-16 12:04 | 2026-05-12 |
| 427 | 9.1 | CRITICAL, Network | bitwarden | server | Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide… | CWE-862 Missing Authorization | CVE-2026-43639 | 2026-05-16 12:04 | 2026-05-12 |
| 428 | 5.4 | MEDIUM, Network | bitwarden | server | Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz… | CWE-862 Missing Authorization | CVE-2026-43638 | 2026-05-16 11:55 | 2026-05-12 |
| 429 | 5.6 | MEDIUM, Network | dell | elastic_cloud_storage objectscale | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica… | CWE-302 Authentication Bypass by Assumed-Immutable Data | CVE-2025-43992 | 2026-05-16 11:52 | 2026-05-11 |
| 430 | 8.8 | HIGH, Network | google | chrome | Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | CWE-416 Use After Free | CVE-2026-8581 | 2026-05-16 11:48 | 2026-05-15 |