|
2311
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
|
CWE-93
CRLF Injection
|
CVE-2026-35504
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2312
|
8.2 |
HIGH
Adjacent
|
-
|
-
|
PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions …
|
CWE-863
Incorrect Authorization
|
CVE-2026-26289
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2313
|
5.7 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
|
CWE-863
Incorrect Authorization
|
CVE-2026-33570
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2314
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
|
CWE-863
Incorrect Authorization
|
CVE-2026-35555
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2315
|
7.8 |
HIGH
Local
|
-
|
-
|
The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-8108
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2316
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper aut…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31215
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2317
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentica…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-31216
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2318
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user …
|
CWE-94
Code Injection
|
CVE-2026-31217
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2319
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev…
|
CWE-94
Code Injection
|
CVE-2026-31228
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2320
|
8.8 |
HIGH
Network
|
-
|
-
|
The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function t…
|
CWE-94
Code Injection
|
CVE-2026-31225
|
2026-05-14 00:52 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
