| 11 | 4.4 | MEDIUM Local | oracle | linux | An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via… | Update | CWE-125 Out-of-bounds Read | CVE-2026-35233 | 2026-05-6 02:46 | 2026-05-2 |
| 12 | 5.5 | MEDIUM Local | oracle | linux | An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab() | Update | CWE-369 Divide By Zero | CVE-2026-21996 | 2026-05-6 02:45 | 2026-05-2 |
| 13 | 7.3 | HIGH Network | gnu | glibc | The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write w… | Update | CWE-787 Out-of-bounds Write | CVE-2026-5435 | 2026-05-6 02:38 | 2026-04-28 |
| 14 | 7.8 | HIGH Local | kde | kcoreaddons | In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading … | Update | CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences | CVE-2026-41526 | 2026-05-6 02:25 | 2026-04-28 |
| 15 | 2.6 | LOW Adjacent | - | - | A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_rout… | New | CWE-310 Cryptographic Issues; CWE-330 Use of Insufficiently Random Values | CVE-2026-7847 | 2026-05-6 02:17 | 2026-05-6 |
| 16 | - | | - | - | ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript co… | New | - | CVE-2026-38432 | 2026-05-6 02:17 | 2026-05-6 |
| 17 | - | | - | - | ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… | New | - | CVE-2026-38431 | 2026-05-6 02:17 | 2026-05-6 |
| 18 | - | | - | - | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml. | New | - | CVE-2026-38429 | 2026-05-6 02:17 | 2026-05-6 |
| 19 | 5.9 | MEDIUM Network | - | - | A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with a… | New | CWE-120 Classic Buffer Overflow | CVE-2026-34956 | 2026-05-6 02:17 | 2026-05-6 |
| 20 | 7.3 | HIGH Network | - | - | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-29168 | 2026-05-6 02:17 | 2026-05-5 |