|
1301
|
7.8 |
HIGH
Local
|
dail8859
|
notepad_next
|
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script…
Update
|
CWE-94
Code Injection
|
CVE-2026-42214
|
2026-05-13 05:24 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1302
|
7.5 |
HIGH
Network
|
golang
|
go
|
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
Update
|
CWE-415
Double Free
|
CVE-2026-33811
|
2026-05-13 05:23 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1303
|
4.7 |
MEDIUM
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security…
Update
|
CWE-416
Use After Free
|
CVE-2026-7910
|
2026-05-13 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1304
|
8.8 |
HIGH
Network
|
dlink
|
dcs-935l_firmware
|
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipu…
Update
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-8260
|
2026-05-13 04:45 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1305
|
9.8 |
CRITICAL
Network
|
tenda
|
ac10u_firmware
|
A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipula…
Update
|
CWE-77
CWE-78
CWE-787
Command Injection
OS Command
Out-of-bounds Write
|
CVE-2026-8263
|
2026-05-13 04:41 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1306
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release
The atmel_hlcdc_plane_atomic_duplicate_state() callback was …
Update
|
CWE-416
Use After Free
|
CVE-2026-43236
|
2026-05-13 03:59 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1307
|
6.7 |
MEDIUM
Local
|
-
|
-
|
An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5…
New
|
CWE-78
OS Command
|
CVE-2025-53680
|
2026-05-13 03:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1308
|
7.2 |
HIGH
Network
|
-
|
-
|
An improper neutralization of special elements used in an SQL Command ("SQL Injection&") vulnerability [CWE-89] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5,…
New
|
CWE-89
SQL Injection
|
CVE-2025-53681
|
2026-05-13 03:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1309
|
8.8 |
HIGH
Network
|
-
|
-
|
A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11 allows attacker to execute unauthorized code or commands via spe…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2025-53844
|
2026-05-13 03:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1310
|
6.7 |
MEDIUM
Local
|
-
|
-
|
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versi…
New
|
CWE-78
OS Command
|
CVE-2025-53870
|
2026-05-13 03:57 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
