|
2451
|
6.3 |
MEDIUM
Local
|
samba
|
rsync
|
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat …
|
CWE-59
CWE-367
Link Following
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-43619
|
2026-05-22 05:42 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2452
|
8.1 |
HIGH
Network
|
samba
|
rsync
|
Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigg…
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2026-43618
|
2026-05-22 05:34 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2453
|
6.5 |
MEDIUM
Network
|
faraday_project
|
faraday
|
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request tar…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33637
|
2026-05-22 05:17 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2454
|
8.1 |
HIGH
Network
|
-
|
-
|
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoki…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8711
|
2026-05-22 04:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2455
|
- |
|
-
|
-
|
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-7860
|
2026-05-22 04:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2456
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation.
This issue affects MOVEit Automation: before 2025.0.11, from 20…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-8488
|
2026-05-22 04:00 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2457
|
7.8 |
HIGH
Local
|
hp
|
linux_imaging_and_printing
|
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…
|
CWE-77
Command Injection
|
CVE-2026-8632
|
2026-05-22 03:58 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2458
|
9.8 |
CRITICAL
Network
|
hp
|
linux_imaging_and_printing
|
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v…
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-8631
|
2026-05-22 03:58 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2459
|
5.3 |
MEDIUM
Network
|
esri
|
arcgis_server
|
ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the en…
|
CWE-287
Improper Authentication
|
CVE-2026-2812
|
2026-05-22 03:56 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2460
|
7.5 |
HIGH
Network
|
progress
|
moveit_automation
|
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befo…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-8487
|
2026-05-22 03:56 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
