|
2681
|
8.5 |
HIGH
Network
|
-
|
-
|
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type da…
|
CWE-89
SQL Injection
|
CVE-2026-44706
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2682
|
8.7 |
HIGH
Network
|
-
|
-
|
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44669
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2683
|
6.5 |
MEDIUM
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by othe…
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-43934
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2684
|
3.5 |
LOW
Network
|
-
|
-
|
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output <dir>" w…
|
CWE-22
Path Traversal
|
CVE-2026-42448
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2685
|
6.5 |
MEDIUM
Network
|
-
|
-
|
libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. At…
|
CWE-416
Use After Free
|
CVE-2026-41401
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2686
|
4.4 |
MEDIUM
Network
|
-
|
-
|
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint (/auth/v1/introspect_access_token) accepts any JWT signed by…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-41164
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2687
|
5.8 |
MEDIUM
Local
|
-
|
-
|
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-24201
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2688
|
7.0 |
HIGH
Local
|
-
|
-
|
NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to den…
|
CWE-416
Use After Free
|
CVE-2026-24200
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2689
|
5.6 |
MEDIUM
Local
|
-
|
-
|
NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive informati…
|
CWE-200
Information Exposure
|
CVE-2026-24198
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2690
|
6.5 |
MEDIUM
Local
|
-
|
-
|
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lea…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-24197
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
