|
631
|
6.3 |
MEDIUM
Network
|
-
|
-
|
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect h…
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-6915
|
2026-05-1 00:13 |
2026-04-30 |
|
632
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC ad…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-7422
|
2026-05-1 00:13 |
2026-04-30 |
|
633
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing pi…
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-7423
|
2026-05-1 00:13 |
2026-04-30 |
|
634
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, an…
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-7424
|
2026-05-1 00:13 |
2026-04-30 |
|
635
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7425
|
2026-05-1 00:13 |
2026-04-30 |
|
636
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7426
|
2026-05-1 00:13 |
2026-04-30 |
|
637
|
4.8 |
MEDIUM
Network
|
-
|
-
|
wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpos…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-1858
|
2026-05-1 00:13 |
2026-04-30 |
|
638
|
7.4 |
HIGH
Network
|
-
|
-
|
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server
New
|
CWE-59
Link Following
|
CVE-2026-41882
|
2026-05-1 00:13 |
2026-04-30 |
|
639
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully pr…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22740
|
2026-05-1 00:11 |
2026-04-29 |
|
640
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22745
|
2026-05-1 00:11 |
2026-04-29 |
|