|
2591
|
- |
|
-
|
-
|
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.
The psb-assign…
|
CWE-94
Code Injection
|
CVE-2026-8467
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2592
|
- |
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.
'Elixir.PhoenixStorybook.Stor…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47068
|
2026-05-22 00:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2593
|
7.5 |
HIGH
Adjacent
|
-
|
-
|
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented us…
|
CWE-78
OS Command
|
CVE-2026-45255
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2594
|
8.4 |
HIGH
Local
|
-
|
-
|
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-45253
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2595
|
5.5 |
MEDIUM
Network
|
-
|
-
|
When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-45252
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2596
|
7.8 |
HIGH
Local
|
-
|
-
|
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t…
|
CWE-416
Use After Free
|
CVE-2026-45251
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2597
|
8.8 |
HIGH
Local
|
-
|
-
|
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descript…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-39461
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2598
|
7.8 |
HIGH
Local
|
-
|
-
|
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations.
Please not…
|
CWE-346
Origin Validation Error
|
CVE-2025-71217
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2599
|
7.8 |
HIGH
Local
|
-
|
-
|
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations.
Please note: an att…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-71216
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2600
|
7.0 |
HIGH
Local
|
-
|
-
|
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations.
…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-71215
|
2026-05-22 00:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
