| 501 | - | | - | - | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Ba… | Update | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-42786 | 2026-05-6 04:37 | 2026-05-2 |
| 502 | - | | - | - | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 i… | Update | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-42788 | 2026-05-6 04:37 | 2026-05-2 |
| 503 | 5.3 | MEDIUM Network | - | - | Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head… | Update | CWE-444 HTTP Request Smuggling | CVE-2026-40561 | 2026-05-6 04:35 | 2026-05-3 |
| 504 | 9.1 | CRITICAL Network | - | - | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and… | New | CWE-125 Out-of-bounds Read | CVE-2026-7482 | 2026-05-6 04:35 | 2026-05-4 |
| 505 | - | | - | - | 3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing paylo… | New | CWE-78 OS Command | CVE-2025-13605 | 2026-05-6 04:35 | 2026-05-5 |
| 506 | 9.8 | CRITICAL Network | - | - | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo… | New | CWE-79 Cross-site Scripting | CVE-2025-14320 | 2026-05-6 04:34 | 2026-05-4 |
| 507 | 7.2 | HIGH Network | - | - | Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue aff… | New | CWE-94 Code Injection | CVE-2026-3120 | 2026-05-6 04:34 | 2026-05-4 |
| 508 | 9.8 | CRITICAL Network | - | - | D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks… | New | CWE-798 Use of Hard-coded Credentials | CVE-2026-42376 | 2026-05-6 04:32 | 2026-05-5 |
| 509 | 9.9 | CRITICAL Network | - | - | Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary crede… | New | CWE-20 Improper Input Validation; CWE-862 Missing Authorization | CVE-2026-42809 | 2026-05-6 04:32 | 2026-05-5 |
| 510 | 9.9 | CRITICAL Network | - | - | Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused une… | New | CWE-20 Improper Input Validation; CWE-116 Improper Encoding or Escaping of Output | CVE-2026-42810 | 2026-05-6 04:32 | 2026-05-5 |