|
3441
|
2.4 |
LOW
Physics
|
-
|
-
|
Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. T…
|
CWE-636
CWE-696
CWE-754
Not Failing Securely ('Failing Open')
Incorrect Behavior Order
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-49318
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3442
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Modul…
|
CWE-693
CWE-754
CWE-1384
Protection Mechanism Failure
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-49325
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3443
|
- |
|
-
|
-
|
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrat…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44838
|
2026-05-30 00:06 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3444
|
- |
|
-
|
-
|
RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
|
CWE-80
Basic XSS
|
CVE-2026-44839
|
2026-05-30 00:06 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3445
|
- |
|
-
|
-
|
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with end…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-33590
|
2026-05-30 00:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3446
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert …
|
CWE-79
Cross-site Scripting
|
CVE-2026-9806
|
2026-05-29 23:46 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3447
|
4.6 |
MEDIUM
Network
|
-
|
-
|
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifi…
|
CWE-22
Path Traversal
|
CVE-2026-33462
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3448
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-b…
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2026-33463
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3449
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-33464
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3450
|
4.1 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42401
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
