|
1171
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service,…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-24191
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1172
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability mi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-24190
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1173
|
8.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of priv…
New
|
CWE-416
Use After Free
|
CVE-2026-24187
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1174
|
6.5 |
MEDIUM
Local
|
-
|
-
|
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.
New
|
CWE-667
Improper Locking
|
CVE-2026-24182
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1175
|
4.4 |
MEDIUM
Local
|
-
|
-
|
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of…
New
|
CWE-20
Improper Input Validation
|
CVE-2025-33221
|
2026-05-27 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1176
|
8.8 |
HIGH
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4…
Update
|
CWE-352
CWE-1275
Origin Validation Error
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2026-8434
|
2026-05-27 02:59 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1177
|
6.5 |
MEDIUM
Network
|
golang
|
crypto
|
An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.…
Update
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2026-39827
|
2026-05-27 02:58 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1178
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView on the calendar which results in restricted event details being…
Update
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2026-8205
|
2026-05-27 02:43 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1179
|
8.8 |
HIGH
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-8350
|
2026-05-27 02:42 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1180
|
5.4 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnera…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-8139
|
2026-05-27 02:41 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
