| 101 | - | | - | - | Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 address… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-33975 | 2026-05-7 01:16 | 2026-05-6 |
| 102 | - | | - | - | CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QU… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-32934 | 2026-05-7 01:16 | 2026-05-6 |
| 103 | - | | - | - | Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivilege… | New | CWE-20 Improper Input Validation | CVE-2026-32603 | 2026-05-7 01:16 | 2026-05-6 |
| 104 | 9.8 | CRITICAL Network | - | - | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-28780 | 2026-05-7 01:16 | 2026-05-6 |
| 105 | 7.5 | HIGH Network | - | - | Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14. | New | CWE-284 Improper Access Control | CVE-2024-52911 | 2026-05-7 01:16 | 2026-05-6 |
| 106 | 8.1 | HIGH Network | redis | redis | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft… | New | CWE-416 Use After Free | CVE-2026-23631 | 2026-05-7 01:14 | 2026-05-6 |
| 107 | 8.8 | HIGH Network | redis | redis | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo… | New | CWE-416 Use After Free | CVE-2026-23479 | 2026-05-7 00:53 | 2026-05-6 |
| 108 | 7.5 | HIGH Network | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through… | New | CWE-200 Information Exposure | CVE-2026-43646 | 2026-05-7 00:16 | 2026-05-6 |
| 109 | 5.5 | MEDIUM Local | - | - | CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga… | New | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-42146 | 2026-05-7 00:16 | 2026-05-5 |
| 110 | 8.1 | HIGH Network | - | - | OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionalit… | New | CWE-620 Unverified Password Change | CVE-2026-42084 | 2026-05-7 00:16 | 2026-05-5 |