|
901
|
7.5 |
HIGH
Network
|
-
|
-
|
An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-37461
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
7.2 |
HIGH
Network
|
-
|
-
|
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionality (modules/aggiornamenti/upload_modules.php)
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-38751
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
8.1 |
HIGH
Network
|
-
|
-
|
IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authen…
Update
|
CWE-284
Improper Access Control
|
CVE-2025-67796
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
5.9 |
MEDIUM
Network
|
-
|
-
|
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under…
Update
|
CWE-302
Authentication Bypass by Assumed-Immutable Data
|
CVE-2026-28510
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.7 |
HIGH
Local
|
-
|
-
|
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct…
Update
|
CWE-200
CWE-782
CWE-787
Information Exposure
Exposed IOCTL with Insufficient Access Control
Out-of-bounds Write
|
CVE-2026-36355
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
Update
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2026-36356
|
2026-05-8 00:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
4.7 |
MEDIUM
Network
|
-
|
-
|
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-52206
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen…
Update
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-43002
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
7.7 |
HIGH
Network
|
-
|
-
|
An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-…
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-42997
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.5 |
HIGH
Network
|
-
|
-
|
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
New
|
CWE-284
Improper Access Control
|
CVE-2024-52911
|
2026-05-8 00:53 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
