|
3871
|
9.8 |
CRITICAL
Network
|
tenda
|
w308r_firmware
|
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25316
|
2026-05-5 03:42 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3872
|
9.8 |
CRITICAL
Network
|
tenda
|
fh303_firmware
a300_firmware
|
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers ca…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25318
|
2026-05-5 03:40 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3873
|
5.0 |
MEDIUM
Network
|
cloudfoundry
|
cf-deployment
routing_release
|
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure…
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2026-22726
|
2026-05-5 03:30 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3874
|
7.5 |
HIGH
Network
|
openstack
|
ironic_python_agent
|
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading …
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43003
|
2026-05-5 03:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3875
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Oskar Kjos reported the following problem.
ip4ip6_err() calls icmp_send() on a clon…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43037
|
2026-05-5 03:26 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3876
|
8.5 |
HIGH
Network
|
openstack
|
keystone
|
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43001
|
2026-05-5 03:25 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3877
|
7.8 |
HIGH
Local
|
zhinst
|
labone_q
|
The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7584
|
2026-05-5 03:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3878
|
9.8 |
CRITICAL
Network
|
bitwarden
|
cli
|
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.
|
CWE-78
CWE-94
OS Command
Code Injection
|
CVE-2026-42994
|
2026-05-5 03:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3879
|
6.5 |
MEDIUM
Network
|
apple
|
container
|
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-28909
|
2026-05-5 03:22 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3880
|
8.8 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta…
|
CWE-78
OS Command
|
CVE-2026-7551
|
2026-05-5 03:22 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
