|
1511
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion.
The fragment reassembly path in 'Elixir.Ba…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42786
|
2026-05-6 04:37 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1512
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames.
'Elixir.Bandit.HTTP2.Frame':deserialize/2 i…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42788
|
2026-05-6 04:37 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1513
|
- |
|
-
|
-
|
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing paylo…
|
CWE-78
OS Command
|
CVE-2025-13605
|
2026-05-6 04:35 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1514
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7482
|
2026-05-6 04:35 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1515
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo…
|
CWE-79
Cross-site Scripting
|
CVE-2025-14320
|
2026-05-6 04:34 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1516
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection.
This issue aff…
|
CWE-94
Code Injection
|
CVE-2026-3120
|
2026-05-6 04:34 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1517
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42376
|
2026-05-6 04:32 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1518
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Apache Polaris can issue broad temporary ("vended") storage credentials during
staged
table creation before the effective table location has been validated or
durably reserved.
Those temporary crede…
|
CWE-20
CWE-862
Improper Input Validation
Missing Authorization
|
CVE-2026-42809
|
2026-05-6 04:32 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1519
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Apache Polaris accepts literal `*` characters in namespace and table names. When it
later builds temporary S3 access policies for delegated table access, those
same characters appear to be reused une…
|
CWE-20
CWE-116
Improper Input Validation
Improper Encoding or Escaping of Output
|
CVE-2026-42810
|
2026-05-6 04:32 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1520
|
9.9 |
CRITICAL
Network
|
-
|
-
|
In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials
that
only work for one table's files, but a crafted namespace or table name can
cause those credentials to work across …
|
CWE-20
CWE-917
Improper Input Validation
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-42811
|
2026-05-6 04:32 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
