|
3611
|
3.7 |
LOW
Network
|
-
|
-
|
In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
|
CWE-843
Type Confusion
|
CVE-2026-43862
|
2026-05-6 04:44 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3612
|
3.7 |
LOW
Network
|
-
|
-
|
mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-43863
|
2026-05-6 04:44 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3613
|
2.5 |
LOW
Local
|
-
|
-
|
mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-43864
|
2026-05-6 04:44 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3614
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function
|
CWE-79
Cross-site Scripting
|
CVE-2026-31205
|
2026-05-6 04:44 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3615
|
8.1 |
HIGH
Network
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-sid…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42471
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3616
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42472
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3617
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42473
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3618
|
6.5 |
MEDIUM
Network
|
-
|
-
|
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.
|
CWE-89
SQL Injection
|
CVE-2026-42474
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3619
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field
|
CWE-805
Buffer Access with Incorrect Length Value
|
CVE-2025-63547
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3620
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
|
CWE-241
Improper Handling of Unexpected Data Type
|
CVE-2025-63548
|
2026-05-6 04:39 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
