|
71
|
6.5 |
MEDIUM
Network
|
jenkins
|
matrix_authorization_strategy
|
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategi…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42521
|
2026-05-7 01:21 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
4.3 |
MEDIUM
Network
|
jenkins
|
github_branch_source
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacke…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42522
|
2026-05-7 01:18 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
8.4 |
HIGH
Local
|
hmbrand
|
text\
|
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, get…
Update
|
CWE-416
CWE-825
Use After Free
Expired Pointer Dereference
|
CVE-2026-7111
|
2026-05-7 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
8.8 |
HIGH
Network
|
redis
|
redis
|
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to exe…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25243
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
8.6 |
HIGH
Network
|
-
|
-
|
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-7412
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
10.0 |
CRITICAL
Network
|
-
|
-
|
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal att…
New
|
CWE-22
Path Traversal
|
CVE-2026-7411
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7376
|
2026-05-7 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, hold…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6863
|
2026-05-7 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
- |
|
-
|
-
|
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep…
New
|
-
|
CVE-2026-6860
|
2026-05-7 01:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
- |
|
-
|
-
|
Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-6788
|
2026-05-7 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
