|
651
|
6.2 |
MEDIUM
Local
|
-
|
-
|
OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41511
|
2026-05-9 04:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
652
|
7.5 |
HIGH
Network
|
-
|
-
|
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
|
-
|
CVE-2026-33814
|
2026-05-9 04:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
653
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and …
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-26956
|
2026-05-9 04:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
654
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
Although it is guided that `#mbox-cells` must be at least 1, there…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43281
|
2026-05-9 04:13 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
655
|
8.8 |
HIGH
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d…
|
CWE-22
Path Traversal
|
CVE-2026-35397
|
2026-05-9 04:11 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
656
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port
The function ionic_query_port() calls ib_device_get_netdev…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-43282
|
2026-05-9 04:09 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
657
|
7.5 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-se…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40280
|
2026-05-9 04:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
658
|
7.8 |
HIGH
Local
|
osgeo
|
gdal
|
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName lead…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-8086
|
2026-05-9 04:04 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
659
|
7.8 |
HIGH
Local
|
osgeo
|
gdal
|
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldNam…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-8087
|
2026-05-9 04:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
660
|
7.2 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal o…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39383
|
2026-05-9 04:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
