| 451 | 5.5 | MEDIUM, Local | wireshark | wireshark | WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | CWE-1325 Improperly Controlled Sequential Memory Allocation | CVE-2026-6869 | 2026-05-2 03:15 | 2026-04-30 |
| 452 | 5.5 | MEDIUM, Local | wireshark | wireshark | GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | CWE-824 Access of Uninitialized Pointer | CVE-2026-6870 | 2026-05-2 03:11 | 2026-04-30 |
| 453 | 7.5 | HIGH, Network | apache | neethi | Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-prod… | CWE-400 Uncontrolled Resource Consumption | CVE-2026-42402 | 2026-05-2 03:08 | 2026-05-1 |
| 454 | 7.5 | HIGH, Network | apache | neethi | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Po… | CWE-400 Uncontrolled Resource Consumption | CVE-2026-42403 | 2026-05-2 03:08 | 2026-05-1 |
| 455 | 7.2 | HIGH, Network | apache | neethi | Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a poli… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42404 | 2026-05-2 03:06 | 2026-05-1 |
| 456 | 9.8 | CRITICAL, Network | apache | mina | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was inc… | CWE-502 Deserialization of Untrusted Data | CVE-2026-42778 | 2026-05-2 02:55 | 2026-05-1 |
| 457 | 9.8 | CRITICAL, Network | apache | mina | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, on… | CWE-502 Deserialization of Untrusted Data | CVE-2026-42779 | 2026-05-2 02:55 | 2026-05-1 |
| 458 | 5.9 | MEDIUM, Network | apache | airflow | Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between … | CWE-295 Improper Certificate Validation | CVE-2026-41016 | 2026-05-2 02:54 | 2026-04-30 |
| 459 | 9.6 | CRITICAL, Network | mozilla | firefox thunderbird | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1. | CWE-120 Classic Buffer Overflow | CVE-2026-7321 | 2026-05-2 02:54 | 2026-04-29 |
| 460 | 5.3 | MEDIUM, Network | ibm | db2 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… | CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2025-14688 | 2026-05-2 02:52 | 2026-05-1 |