|
1161
|
8.8 |
HIGH
Network
|
postgresql
|
postgresql
|
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-6473
|
2026-05-18 23:59 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
5.4 |
MEDIUM
Network
|
postgresql
|
postgresql
|
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, t…
|
CWE-862
Missing Authorization
|
CVE-2026-6472
|
2026-05-18 23:59 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
6.5 |
MEDIUM
Network
|
grafana
|
grafana
|
The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-28376
|
2026-05-18 23:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
5.5 |
MEDIUM
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42444
|
2026-05-18 23:17 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
8.8 |
HIGH
Network
|
postgresql
|
postgresql
|
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti…
|
CWE-89
SQL Injection
|
CVE-2026-6638
|
2026-05-18 23:14 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
7.5 |
HIGH
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-42186
|
2026-05-18 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
6.5 |
MEDIUM
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain un…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-26062
|
2026-05-18 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
7.5 |
HIGH
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after bei…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-42577
|
2026-05-18 23:05 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
9.8 |
CRITICAL
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands a…
|
CWE-78
OS Command
|
CVE-2026-26191
|
2026-05-18 23:05 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
6.5 |
MEDIUM
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Th…
|
CWE-190
CWE-444
Integer Overflow or Wraparound
HTTP Request Smuggling
|
CVE-2026-42580
|
2026-05-18 23:03 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
