|
1241
|
5.3 |
MEDIUM
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue. Exposed server banners may reveal software versions and system details, potentially a…
|
CWE-200
Information Exposure
|
CVE-2025-31975
|
2026-05-8 01:33 |
2026-05-7 |
|
1242
|
7.5 |
HIGH
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to…
|
CWE-200 CWE-522
Information Exposure Insufficiently Protected Credentials
|
CVE-2025-31976
|
2026-05-8 01:30 |
2026-05-7 |
|
1243
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: fix NULL pointer dereference during unbind race
Commit b81ac4395bbe ("usb: gadget: uvc: allow for application t…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31726
|
2026-05-8 01:26 |
2026-05-2 |
|
1244
|
4.6 |
MEDIUM
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields whic…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2025-31978
|
2026-05-8 01:26 |
2026-05-7 |
|
1245
|
5.4 |
MEDIUM
Network
|
hcltech
|
bigfix_service_management
|
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, p…
|
CWE-200
Information Exposure
|
CVE-2025-31984
|
2026-05-8 01:25 |
2026-05-7 |
|
1246
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo
Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycl…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31727
|
2026-05-8 01:20 |
2026-05-2 |
|
1247
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42194
|
2026-05-8 01:16 |
2026-05-7 |
|
1248
|
6.0 |
MEDIUM
Network
|
-
|
-
|
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for ever…
|
CWE-863 CWE-918
Incorrect Authorization Server-Side Request Forgery (SSRF)
|
CVE-2026-41689
|
2026-05-8 01:16 |
2026-05-8 |
|
1249
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40)…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41687
|
2026-05-8 01:16 |
2026-05-8 |
|
1250
|
- |
|
-
|
-
|
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,…
|
CWE-91
Blind XPath Injection
|
CVE-2026-41672
|
2026-05-8 01:16 |
2026-05-7 |
|