|
881
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject sleepable kprobe_multi programs at attach time
kprobe.multi programs run in atomic/RCU context and cannot sleep.
Howe…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43010
|
2026-05-8 05:26 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
882
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix incorrect pruning due to atomic fetch precision tracking
When backtrack_insn encounters a BPF_STX instruction with BPF_A…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43009
|
2026-05-8 05:25 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
883
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio()
devm_regmap_init_mmio() returns an ERR_PTR() on failure, not NUL…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-43008
|
2026-05-8 05:24 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
884
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
accel/qaic: Handle DBC deactivation if the owner went away
When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_…
Update
|
CWE-415
Double Free
|
CVE-2026-43007
|
2026-05-8 05:24 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
885
|
7.8 |
HIGH
Local
|
-
|
-
|
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script…
New
|
CWE-94
Code Injection
|
CVE-2026-42214
|
2026-05-8 05:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
886
|
7.6 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-41904
|
2026-05-8 05:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
887
|
9.8 |
CRITICAL
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and …
Update
|
NVD-CWE-noinfo
|
CVE-2025-59851
|
2026-05-8 05:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
888
|
9.1 |
CRITICAL
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise t…
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-59852
|
2026-05-8 05:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
889
|
5.3 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl…
Update
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-59853
|
2026-05-8 05:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
890
|
6.1 |
MEDIUM
Network
|
hcltech
|
dfxanalytics
|
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b…
Update
|
CWE-80
CWE-79
Basic XSS
Cross-site Scripting
|
CVE-2025-59854
|
2026-05-8 05:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
