|
751
|
8.1 |
HIGH
Network
|
-
|
-
|
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backe…
|
CWE-89
SQL Injection
|
CVE-2026-42167
|
2026-05-2 01:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenS…
|
-
|
CVE-2026-37554
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
8.4 |
HIGH
Local
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(),…
|
-
|
CVE-2026-37552
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
4.9 |
MEDIUM
Network
|
-
|
-
|
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) wit…
|
-
|
CVE-2026-37505
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissi…
|
-
|
CVE-2026-37504
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
6.9 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/theme/v2board/dashboard.blade.php. An admin can injec…
|
-
|
CVE-2026-37503
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
8.1 |
HIGH
Network
|
freebsd
|
freebsd
|
When processing the header of an incoming message, libnv failed to properly validate the message size.
The lack of validation allows a malicious program to write outside the bounds of a heap allocat…
|
CWE-122
CWE-130
Heap-based Buffer Overflow
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-35547
|
2026-05-2 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
- |
|
-
|
-
|
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages.
Under certain circumstances this exploit could b…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-22167
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
- |
|
-
|
-
|
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the pro…
|
CWE-416
Use After Free
|
CVE-2026-22165
|
2026-05-2 01:16 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
7.7 |
HIGH
Network
|
getoutline
|
outline
|
Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41649
|
2026-05-2 00:54 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
