|
1011
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissi…
Update
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-37504
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
4.9 |
MEDIUM
Network
|
-
|
-
|
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) wit…
Update
|
CWE-89
SQL Injection
|
CVE-2026-37505
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
8.4 |
HIGH
Local
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(),…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-37552
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
6.5 |
MEDIUM
Network
|
-
|
-
|
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.
Update
|
CWE-89
SQL Injection
|
CVE-2026-42475
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted …
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42480
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is us…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-37535
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives …
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37536
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-37537
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
7.5 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name.
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37538
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
8.4 |
HIGH
Local
|
-
|
-
|
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF h…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-37540
|
2026-05-8 00:53 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
