|
641
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix double destroy_workqueue on service rescan PCI path
While testing corner cases in the driver, a use-after-free cra…
|
CWE-415
Double Free
|
CVE-2026-43276
|
2026-05-9 04:32 |
2026-05-6 |
|
642
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and…
|
CWE-94 CWE-693
Code Injection; Protection Mechanism Failure
|
CVE-2026-24118
|
2026-05-9 04:30 |
2026-05-5 |
|
643
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Flush exception handling work when RPM level is zero
Ensure that the exception event handling work is explicitly…
|
CWE-362
Race Condition
|
CVE-2026-43275
|
2026-05-9 04:30 |
2026-05-6 |
|
644
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM…
|
CWE-94 CWE-693
Code Injection; Protection Mechanism Failure
|
CVE-2026-24120
|
2026-05-9 04:29 |
2026-05-5 |
|
645
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can es…
|
CWE-94 CWE-693
Code Injection; Protection Mechanism Failure
|
CVE-2026-24781
|
2026-05-9 04:29 |
2026-05-5 |
|
646
|
9.8 |
CRITICAL
Network
|
kestra
|
kestra
|
Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza…
|
CWE-89
SQL Injection
|
CVE-2026-38428
|
2026-05-9 04:24 |
2026-05-6 |
|
647
|
8.8 |
HIGH
Network
|
fit2cloud
|
sqlbot
|
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que…
|
CWE-89
SQL Injection
|
CVE-2026-33324
|
2026-05-9 04:22 |
2026-05-6 |
|
648
|
5.3 |
MEDIUM
Network
|
dani-garcia
|
vaultwarden
|
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing …
|
CWE-862
Missing Authorization
|
CVE-2026-33420
|
2026-05-9 04:19 |
2026-05-6 |
|
649
|
5.3 |
MEDIUM
Network
|
sandboxie-plus
|
sandboxie
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high…
|
CWE-328
Use of Weak Hash
|
CVE-2026-34527
|
2026-05-9 04:17 |
2026-05-6 |
|
650
|
8.1 |
HIGH
Network
|
-
|
-
|
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. A…
|
CWE-470
Unsafe Reflection
|
CVE-2026-8178
|
2026-05-9 04:16 |
2026-05-9 |