| 821 | 7.5 | HIGH | Network | - | - | @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-7768 | 2026-05-5 05:16 | 2026-05-5 |
| 822 | 7.5 | HIGH | Network | - | - | fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and par… | New | CWE-22 Path Traversal | CVE-2026-6321 | 2026-05-5 05:16 | 2026-05-5 |
| 823 | 7.8 | HIGH | Local | wireshark | wireshark | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | Update | CWE-122 Heap-based Buffer Overflow; CWE-787 Out-of-bounds Write | CVE-2026-5405 | 2026-05-5 05:16 | 2026-05-1 |
| 824 | - | | | - | - | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-6074. Reason: This record is a reservation duplicate of CVE-2026-6074. Notes: All CVE users should reference CVE-2026-6074 instead of… | New | - | CVE-2026-34882 | 2026-05-5 05:16 | 2026-05-5 |
| 825 | 7.5 | HIGH | Network | - | - | Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a… | New | CWE-400 Uncontrolled Resource Consumption; CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-42154 | 2026-05-5 04:16 | 2026-05-5 |
| 826 | 7.5 | HIGH | Network | - | - | Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a… | New | CWE-200 Information Exposure; CWE-312 Cleartext Storage of Sensitive Information | CVE-2026-42151 | 2026-05-5 04:16 | 2026-05-5 |
| 827 | - | | | - | - | Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in … | New | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2026-41686 | 2026-05-5 04:16 | 2026-05-5 |
| 828 | 5.5 | MEDIUM | Local | absolute | secure_access | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger… | Update | CWE-400 Uncontrolled Resource Consumption | CVE-2026-40951 | 2026-05-5 03:54 | 2026-05-1 |
| 829 | 9.8 | CRITICAL | Network | tenda | w308r_firmware | Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send… | Update | CWE-290 Authentication Bypass by Spoofing | CVE-2018-25316 | 2026-05-5 03:42 | 2026-04-30 |
| 830 | 9.8 | CRITICAL | Network | tenda | fh303_firmware a300_firmware | Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers ca… | Update | CWE-290 Authentication Bypass by Spoofing | CVE-2018-25318 | 2026-05-5 03:40 | 2026-04-30 |