|
211
|
9.8 |
CRITICAL
Network
|
absolute
|
secure_access
|
CVE-2026-33447 is a buffer overflow in a message parsing function of the
Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overwrit…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-33447
|
2026-05-5 11:26 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
9.8 |
CRITICAL
Network
|
absolute
|
secure_access
|
CVE-2026-33446 is a buffer overflow in the authentication sub-system of
the Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overw…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-33446
|
2026-05-5 11:19 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
7.2 |
HIGH
Network
|
amazon
|
amazon_ecs_container_agent
|
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticat…
Update
|
CWE-78
OS Command
|
CVE-2026-7461
|
2026-05-5 11:18 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
5.9 |
MEDIUM
Network
|
hex
|
hex
|
Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums.
Hex stores checksums for …
Update
|
CWE-354
CWE-494
Improper Validation of Integrity Check Value
Download of Code Without Integrity Check
|
CVE-2026-32148
|
2026-05-5 11:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or r…
New
|
CWE-287
Improper Authentication
|
CVE-2026-5722
|
2026-05-5 11:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
5.4 |
MEDIUM
Network
|
-
|
-
|
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-40201
|
2026-05-5 11:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
7.5 |
HIGH
Network
|
mercurycom
|
mipc252w_firmware
|
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31256
|
2026-05-5 10:30 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.…
New
|
CWE-36
Absolute Path Traversal
|
CVE-2026-44029
|
2026-05-5 10:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
7.5 |
HIGH
Local
|
-
|
-
|
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44028
|
2026-05-5 10:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
9.8 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM…
New
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24120
|
2026-05-5 10:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
