|
3161
|
- |
|
-
|
-
|
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as forc…
|
-
|
CVE-2026-39828
|
2026-05-22 13:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3162
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerabil…
|
-
|
CVE-2026-9264
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3163
|
- |
|
-
|
-
|
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-5091
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3164
|
7.8 |
HIGH
Local
|
freebsd
|
freebsd
|
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-45250
|
2026-05-22 11:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3165
|
7.7 |
HIGH
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulat…
|
CWE-22
Path Traversal
|
CVE-2026-34911
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3166
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
|
CWE-20
Improper Input Validation
|
CVE-2026-34910
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3167
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an und…
|
CWE-22
Path Traversal
|
CVE-2026-34909
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3168
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
|
CWE-284
Improper Access Control
|
CVE-2026-34908
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3169
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
|
CWE-20
Improper Input Validation
|
CVE-2026-33000
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3170
|
7.8 |
HIGH
Local
|
mullvad
|
mullvad_vpn
|
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer…
|
CWE-269
CWE-345
CWE-427
NVD-CWE-noinfo
Improper Privilege Management
Insufficient Verification of Data Authenticity
Uncontrolled Search Path Element
|
CVE-2026-32323
|
2026-05-22 09:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
