|
161
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
In mtk_mdp_probe(), vpu_get_plat_device() increases the reference
co…
Update
|
NVD-CWE-Other
|
CVE-2026-43270
|
2026-05-9 05:00 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
md-cluster: fix NULL pointer dereference in process_metadata_update
The function process_metadata_update() blindly dereferences t…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-43271
|
2026-05-9 05:00 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
4.6 |
MEDIUM
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42086
|
2026-05-9 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
4.3 |
MEDIUM
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in…
Update
|
CWE-23
Relative Path Traversal
|
CVE-2026-42085
|
2026-05-9 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
8.1 |
HIGH
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionalit…
Update
|
CWE-620
Unverified Password Change
|
CVE-2026-42084
|
2026-05-9 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
9.6 |
CRITICAL
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability e…
Update
|
CWE-89
SQL Injection
|
CVE-2026-42087
|
2026-05-9 04:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
After several commits, the slab memory increases. Some dr…
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43269
|
2026-05-9 04:40 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
APEI/GHES: ensure that won't go past CPER allocated record
The logic at ghes_new() prevents allocating too large records, by
chec…
Update
|
NVD-CWE-noinfo
|
CVE-2026-43277
|
2026-05-9 04:34 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix double destroy_workqueue on service rescan PCI path
While testing corner cases in the driver, a use-after-free cra…
Update
|
CWE-415
Double Free
|
CVE-2026-43276
|
2026-05-9 04:32 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and…
Update
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24118
|
2026-05-9 04:30 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
