|
1681
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access intern…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-9141
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1682
|
7.6 |
HIGH
Network
|
-
|
-
|
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute pe…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9144
|
2026-05-22 00:17 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1683
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.
Multiple LiveView event…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8469
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1684
|
- |
|
-
|
-
|
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.
The psb-assign…
|
CWE-94
Code Injection
|
CVE-2026-8467
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1685
|
- |
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.
'Elixir.PhoenixStorybook.Stor…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47068
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1686
|
7.5 |
HIGH
Adjacent
|
-
|
-
|
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…
|
CWE-78
OS Command
|
CVE-2026-45255
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1687
|
8.4 |
HIGH
Local
|
-
|
-
|
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-45253
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1688
|
5.5 |
MEDIUM
Network
|
-
|
-
|
When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-45252
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1689
|
7.8 |
HIGH
Local
|
-
|
-
|
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t…
|
CWE-416
Use After Free
|
CVE-2026-45251
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1690
|
8.8 |
HIGH
Local
|
-
|
-
|
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-39461
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
