|
2511
|
9.8 |
CRITICAL
Network
|
synology
|
diskstation_manager
|
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2025-13392
|
2026-06-3 05:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2512
|
7.5 |
HIGH
Network
|
synology
|
c2_identity_edge_server
|
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2025-14713
|
2026-06-3 05:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2513
|
8.6 |
HIGH
Network
|
synology
|
active_backup_for_business
|
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
|
CWE-89
SQL Injection
|
CVE-2025-30028
|
2026-06-3 05:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2514
|
5.9 |
MEDIUM
Network
|
synology
|
safe_access
|
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with admi…
|
CWE-79
Cross-site Scripting
|
CVE-2025-10466
|
2026-06-3 05:30 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2515
|
8.6 |
HIGH
Local
|
zed
|
zed
|
Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allow…
|
CWE-78
OS Command
|
CVE-2026-44465
|
2026-06-3 05:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2516
|
- |
|
-
|
-
|
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-49299
|
2026-06-3 05:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2517
|
- |
|
-
|
-
|
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49017
|
2026-06-3 05:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2518
|
8.1 |
HIGH
Network
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display manage…
|
CWE-863
Incorrect Authorization
|
CVE-2026-48064
|
2026-06-3 05:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2519
|
7.8 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou…
|
CWE-78
OS Command
|
CVE-2026-44709
|
2026-06-3 05:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2520
|
8.6 |
HIGH
Local
|
zed
|
zed
|
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowli…
|
CWE-78
OS Command
|
CVE-2026-44466
|
2026-06-3 05:14 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
