|
3961
|
7.5 |
HIGH
Network
|
openstack
|
ironic_python_agent
|
An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading …
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43003
|
2026-05-5 03:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3962
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
Oskar Kjos reported the following problem.
ip4ip6_err() calls icmp_send() on a clon…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43037
|
2026-05-5 03:26 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3963
|
8.5 |
HIGH
Network
|
openstack
|
keystone
|
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43001
|
2026-05-5 03:25 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3964
|
7.8 |
HIGH
Local
|
zhinst
|
labone_q
|
The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7584
|
2026-05-5 03:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3965
|
9.8 |
CRITICAL
Network
|
bitwarden
|
cli
|
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.
|
CWE-78
CWE-94
OS Command
Code Injection
|
CVE-2026-42994
|
2026-05-5 03:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3966
|
6.5 |
MEDIUM
Network
|
apple
|
container
|
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-28909
|
2026-05-5 03:22 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3967
|
8.8 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta…
|
CWE-78
OS Command
|
CVE-2026-7551
|
2026-05-5 03:22 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3968
|
8.1 |
HIGH
Network
|
langflow
|
langflow
|
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6542
|
2026-05-5 03:21 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3969
|
9.8 |
CRITICAL
Network
|
progress
|
moveit_automation
|
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-4670
|
2026-05-5 03:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3970
|
8.8 |
HIGH
Network
|
-
|
-
|
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.
|
CWE-611
XXE
|
CVE-2026-36765
|
2026-05-5 03:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
