|
1121
|
9.8 |
CRITICAL
Network
|
synway
|
smg_gateway_management_software
|
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in…
Update
|
CWE-78
OS Command
|
CVE-2025-71284
|
2026-05-6 03:09 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1122
|
8.0 |
HIGH
Network
|
jenkins
|
html_publisher
|
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42524
|
2026-05-6 03:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1123
|
9.0 |
CRITICAL
Network
|
jenkins
|
github
|
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42523
|
2026-05-6 03:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1124
|
5.9 |
MEDIUM
Network
|
elastic
|
elastic_package_registry
|
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served t…
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-33467
|
2026-05-6 02:55 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1125
|
4.4 |
MEDIUM
Local
|
oracle
|
linux
|
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-35233
|
2026-05-6 02:46 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1126
|
5.5 |
MEDIUM
Local
|
oracle
|
linux
|
An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()
Update
|
CWE-369
Divide By Zero
|
CVE-2026-21996
|
2026-05-6 02:45 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1127
|
7.3 |
HIGH
Network
|
gnu
|
glibc
|
The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write w…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5435
|
2026-05-6 02:38 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1128
|
7.8 |
HIGH
Local
|
kde
|
kcoreaddons
|
In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading …
Update
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-41526
|
2026-05-6 02:25 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1129
|
2.6 |
LOW
Adjacent
|
-
|
-
|
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_rout…
New
|
CWE-310
CWE-330
Cryptographic Issues
Use of Insufficiently Random Values
|
CVE-2026-7847
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1130
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with a…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-34956
|
2026-05-6 02:17 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
