|
741
|
7.8 |
HIGH
Local
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink int…
New
|
CWE-59
Link Following
|
CVE-2026-44471
|
2026-05-15 02:18 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
- |
|
-
|
-
|
OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking…
New
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-42186
|
2026-05-15 02:18 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CV…
New
|
-
|
CVE-2026-7805
|
2026-05-15 02:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP
marks…
Update
|
CWE-123
Write-what-where Condition
|
CVE-2026-43284
|
2026-05-15 02:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
8.8 |
HIGH
Network
|
sentry
|
sentry
|
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log e…
Update
|
CWE-94
Code Injection
|
CVE-2021-47935
|
2026-05-15 02:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
8.7 |
HIGH
Network
|
-
|
-
|
Exposure of the QKEY (used as
input into the ‘OTA-Quantum’ device registration process) and internal
system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Ag…
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-33583
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion.
cow_spdy:inflate/2 in cowlib…
New
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-43970
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing.
cowboy_req:read_part/3 …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8466
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denial of service via unbounded buffer accumulation in multipart header parsing.
'Elixir.Plug.Conn':rea…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8468
|
2026-05-15 02:07 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
7.5 |
HIGH
Network
|
-
|
-
|
The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links…
New
|
CWE-59
Link Following
|
CVE-2025-27850
|
2026-05-15 02:06 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
