|
2741
|
- |
|
-
|
-
|
The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients,…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-9137
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2742
|
- |
|
-
|
-
|
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9136
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2743
|
- |
|
-
|
-
|
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerabil…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-0393
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2744
|
- |
|
-
|
-
|
Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6841
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2745
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of serv…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24216
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2746
|
8.8 |
HIGH
Network
|
-
|
-
|
NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, …
|
CWE-29
Path Traversal: '\..\filename'
|
CVE-2026-24217
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2747
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-9150
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2748
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-9149
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2749
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_create permission against the target team when creating a playbook run which allows an authenticated team member to create runs in…
|
CWE-863
Incorrect Authorization
|
CVE-2026-4055
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2750
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Mattermost Mobile Apps versions <=2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Ma…
|
CWE-352
Origin Validation Error
|
CVE-2026-22880
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
