|
4801
|
7.1 |
HIGH
Network
|
dell
|
idrac10_firmware
|
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privilege…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-35155
|
2026-05-2 02:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4802
|
6.1 |
MEDIUM
Network
|
wso2
|
identity_server
|
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious Java…
|
CWE-79
Cross-site Scripting
|
CVE-2025-10503
|
2026-05-2 02:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4803
|
6.4 |
MEDIUM
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolatio…
|
CWE-653
CWE-863
Improper Isolation or Compartmentalization
Incorrect Authorization
|
CVE-2026-41174
|
2026-05-2 02:39 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4804
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.
|
NVD-CWE-noinfo
|
CVE-2026-21023
|
2026-05-2 02:39 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4805
|
3.7 |
LOW
Network
|
traefik
|
traefik
|
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an at…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-41263
|
2026-05-2 02:37 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4806
|
6.5 |
MEDIUM
Network
|
prosody
|
prosody
|
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relayin…
|
CWE-420
Unprotected Alternate Channel
|
CVE-2026-43505
|
2026-05-2 02:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4807
|
6.5 |
MEDIUM
Network
|
prosody
|
prosody
|
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of u…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43504
|
2026-05-2 02:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4808
|
7.5 |
HIGH
Network
|
prosody
|
prosody
|
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43506
|
2026-05-2 02:09 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4809
|
7.5 |
HIGH
Network
|
prosody
|
prosody
|
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthen…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-43507
|
2026-05-2 02:09 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4810
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-5653
|
2026-05-2 02:04 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
