|
3201
|
8.8 |
HIGH
Network
|
microsoft
|
azure_virtual_network_gateway
|
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-40411
|
2026-05-28 01:47 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3202
|
9.8 |
CRITICAL
Network
|
microsoft
|
azure_orbital_spatio
|
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40412
|
2026-05-28 01:37 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3203
|
7.5 |
HIGH
Network
|
microsoft
|
365_copilot
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-42827
|
2026-05-28 01:27 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3204
|
9.8 |
CRITICAL
Network
|
microsoft
|
azure_resource_manager
|
Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-47280
|
2026-05-28 01:14 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3205
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca…
|
CWE-94
Code Injection
|
CVE-2018-25357
|
2026-05-28 00:56 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3206
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-48694
|
2026-05-28 00:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3207
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php…
|
CWE-78
OS Command
|
CVE-2026-48695
|
2026-05-28 00:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3208
|
6.2 |
MEDIUM
Local
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
|
CWE-120
CWE-676
Classic Buffer Overflow
Use of Potentially Dangerous Function
|
CVE-2026-48696
|
2026-05-28 00:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3209
|
7.2 |
HIGH
Network
|
ibm
|
engineering_lifecycle_management
|
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-4051
|
2026-05-28 00:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3210
|
7.2 |
HIGH
Network
|
citeum
|
opencti
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a differ…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-44730
|
2026-05-28 00:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
