|
2731
|
- |
|
-
|
-
|
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are cas…
|
CWE-178
CWE-436
Improper Handling of Case Sensitivity
Interpretation Conflict
|
CVE-2026-42273
|
2026-05-9 01:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2732
|
- |
|
-
|
-
|
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstre…
|
CWE-35
CWE-436
Path Traversal: '.../...//'
Interpretation Conflict
|
CVE-2026-42274
|
2026-05-9 01:03 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2733
|
7.5 |
HIGH
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QU…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-32934
|
2026-05-9 01:03 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2734
|
7.5 |
HIGH
Network
|
coredns.io
|
coredns
|
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decodi…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-32936
|
2026-05-9 01:02 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2735
|
4.1 |
MEDIUM
Network
|
-
|
-
|
Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upl…
|
CWE-22
Path Traversal
|
CVE-2026-44298
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2736
|
7.8 |
HIGH
Local
|
-
|
-
|
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2022-26522
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2737
|
5.3 |
MEDIUM
Local
|
-
|
-
|
The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2022-26523
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2738
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.
|
CWE-78
OS Command
|
CVE-2022-45899
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2739
|
5.8 |
MEDIUM
Network
|
-
|
-
|
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42279
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2740
|
7.5 |
HIGH
Network
|
-
|
-
|
Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-27686
|
2026-05-9 01:02 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
