|
591
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2025-63704
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
592
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix memory leak on failure path
cfg80211_inform_bss_frame() may return NULL on failure. In that case,
the all…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43225
|
2026-05-9 06:22 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
593
|
8.1 |
HIGH
Network
|
-
|
-
|
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authent…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44400
|
2026-05-9 06:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
594
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
hfs: Replace BUG_ON with error handling for CNID count checks
In a06ec283e125 next_id, folder_count, and file_count in the super …
|
CWE-617
Reachable Assertion
|
CVE-2026-43228
|
2026-05-9 06:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
595
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix URB leak in pvr2_send_request_ex
When pvr2_send_request_ex() submits a write URB successfully but fails to
su…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43223
|
2026-05-9 06:14 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
596
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix sgtable leak on mapping failures
In an unlikely case when io_populate_area_dma() fails, which could only
happe…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43224
|
2026-05-9 06:13 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
597
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
clocksource/drivers/sh_tmu: Always leave device running after probe
The TMU device can be used as both a clocksource and a clocke…
|
NVD-CWE-noinfo
|
CVE-2026-43227
|
2026-05-9 06:11 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
598
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: radio-keene: fix memory leak in error path
Fix a memory leak in usb_keene_probe(). The v4l2 control handler is
initialized…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43231
|
2026-05-9 06:09 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
599
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: chips-media: wave5: Fix device cleanup order to prevent kernel panic
Move video device unregistration to the beginning of …
|
NVD-CWE-noinfo
|
CVE-2026-43229
|
2026-05-9 06:08 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
600
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix potential zero beacon interval in beacon tracking
During fuzz testing, it was discovered that bss_conf->beacon_i…
|
CWE-369
Divide By Zero
|
CVE-2026-43267
|
2026-05-9 06:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
