| 3441 | 7.5 | HIGH, Network | wireshark | wireshark | Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | CWE-476: NULL Pointer Dereference | CVE-2026-7376 | 2026-05-7 01:16 | 2026-04-30 |
| 3442 | 6.1 | MEDIUM, Network | - | - | FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTML plugin. | CWE-79: Cross-site Scripting | CVE-2026-38947 | 2026-05-7 01:16 | 2026-05-6 |
| 3443 | - | | - | - | Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientService can be bypassed using IPv4-mapped IPv6 address… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-33975 | 2026-05-7 01:16 | 2026-05-6 |
| 3444 | 9.8 | CRITICAL, Network | - | - | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy… | CWE-122: Heap-based Buffer Overflow | CVE-2026-28780 | 2026-05-7 01:16 | 2026-05-6 |
| 3445 | 8.1 | HIGH, Network | redis | redis | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-aft… | CWE-416: Use After Free | CVE-2026-23631 | 2026-05-7 01:14 | 2026-05-6 |
| 3446 | 8.8 | HIGH, Network | redis | redis | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blo… | CWE-416: Use After Free | CVE-2026-23479 | 2026-05-7 00:53 | 2026-05-6 |
| 3447 | 7.5 | HIGH, Network | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through… | CWE-200: Information Exposure | CVE-2026-43646 | 2026-05-7 00:16 | 2026-05-6 |
| 3448 | 3.7 | LOW, Network | - | - | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-sit… | CWE-358: Improperly Implemented Security Check for Standard | CVE-2025-31983 | 2026-05-7 00:16 | 2026-05-7 |
| 3449 | 3.7 | LOW, Network | - | - | HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of s… | CWE-200: Information Exposure | CVE-2025-31982 | 2026-05-7 00:16 | 2026-05-7 |
| 3450 | 6.1 | MEDIUM, Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /mcp-oauth/register endpoint accepted OAuth client registrations without authentication, allowi… | CWE-601: Open Redirect | CVE-2026-42230 | 2026-05-6 23:57 | 2026-05-5 |