|
2961
|
7.8 |
HIGH
Local
|
freebsd
|
freebsd
|
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-45250
|
2026-05-22 11:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2962
|
7.7 |
HIGH
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulat…
|
CWE-22
Path Traversal
|
CVE-2026-34911
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2963
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
|
CWE-20
Improper Input Validation
|
CVE-2026-34910
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2964
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an und…
|
CWE-22
Path Traversal
|
CVE-2026-34909
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2965
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
|
CWE-284
Improper Access Control
|
CVE-2026-34908
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2966
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
|
CWE-20
Improper Input Validation
|
CVE-2026-33000
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2967
|
7.8 |
HIGH
Local
|
mullvad
|
mullvad_vpn
|
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer…
|
CWE-269
CWE-345
CWE-427
NVD-CWE-noinfo
Improper Privilege Management
Insufficient Verification of Data Authenticity
Uncontrolled Search Path Element
|
CVE-2026-32323
|
2026-05-22 09:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2968
|
4.3 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue…
|
CWE-862
Missing Authorization
|
CVE-2026-32312
|
2026-05-22 08:57 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2969
|
3.5 |
LOW
Network
|
github
|
cli
|
`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie…
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-45803
|
2026-05-22 08:47 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2970
|
10.0 |
CRITICAL
Network
|
microsoft
|
azure_local
azure_resource_manager
|
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-42822
|
2026-05-22 08:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
