|
2891
|
8.1 |
HIGH
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionalit…
|
CWE-620
Unverified Password Change
|
CVE-2026-42084
|
2026-05-9 04:54 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2892
|
9.6 |
CRITICAL
Network
|
openc3
|
cosmos
|
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability e…
|
CWE-89
SQL Injection
|
CVE-2026-42087
|
2026-05-9 04:53 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2893
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
After several commits, the slab memory increases. Some dr…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43269
|
2026-05-9 04:40 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2894
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
APEI/GHES: ensure that won't go past CPER allocated record
The logic at ghes_new() prevents allocating too large records, by
chec…
|
NVD-CWE-noinfo
|
CVE-2026-43277
|
2026-05-9 04:34 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2895
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix double destroy_workqueue on service rescan PCI path
While testing corner cases in the driver, a use-after-free cra…
|
CWE-415
Double Free
|
CVE-2026-43276
|
2026-05-9 04:32 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2896
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and…
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24118
|
2026-05-9 04:30 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2897
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Flush exception handling work when RPM level is zero
Ensure that the exception event handling work is explicitly…
|
CWE-362
Race Condition
|
CVE-2026-43275
|
2026-05-9 04:30 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2898
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM…
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24120
|
2026-05-9 04:29 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2899
|
9.8 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can es…
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-24781
|
2026-05-9 04:29 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2900
|
9.8 |
CRITICAL
Network
|
kestra
|
kestra
|
Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza…
|
CWE-89
SQL Injection
|
CVE-2026-38428
|
2026-05-9 04:24 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
