|
1781
|
- |
|
-
|
-
|
Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resource…
|
CWE-269
Improper Privilege Management
|
CVE-2025-62625
|
2026-05-15 00:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1782
|
- |
|
-
|
-
|
Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2025-62628
|
2026-05-15 00:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1783
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
|
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-35419
|
2026-05-15 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1784
|
7.1 |
HIGH
Local
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42446
|
2026-05-15 00:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1785
|
7.1 |
HIGH
Network
|
m2team
|
nanazip
|
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-44215
|
2026-05-15 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1786
|
8.8 |
HIGH
Adjacent
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34329
|
2026-05-15 00:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1787
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, tex…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-44222
|
2026-05-15 00:38 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1788
|
10.0 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be usi…
|
CWE-94
Code Injection
|
CVE-2026-43997
|
2026-05-15 00:37 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1789
|
8.5 |
HIGH
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the all…
|
CWE-59
Link Following
|
CVE-2026-43998
|
2026-05-15 00:36 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1790
|
7.2 |
HIGH
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-s…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-44000
|
2026-05-15 00:35 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
