|
2741
|
7.7 |
HIGH
Network
|
-
|
-
|
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
|
CWE-611
XXE
|
CVE-2026-2253
|
2026-05-27 13:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2742
|
9.8 |
CRITICAL
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer,…
|
CWE-787
CWE-122
CWE-193
Out-of-bounds Write
Heap-based Buffer Overflow
Off-by-one Error
|
CVE-2026-48689
|
2026-05-27 11:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2743
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-8680
|
2026-05-27 08:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2744
|
5.4 |
MEDIUM
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44831
|
2026-05-27 05:39 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2745
|
8.8 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api…
|
CWE-281
CWE-863
Improper Preservation of Permissions
Incorrect Authorization
|
CVE-2026-44832
|
2026-05-27 05:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2746
|
7.1 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header…
|
CWE-601
Open Redirect
|
CVE-2026-44833
|
2026-05-27 05:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2747
|
4.8 |
MEDIUM
Network
|
powerdns
|
authoritative
|
Incorrect Behaviour of Views with TCP PROXY Requests
|
CWE-284
Improper Access Control
|
CVE-2026-41999
|
2026-05-27 05:32 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2748
|
8.1 |
HIGH
Local
|
-
|
-
|
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.
Mitigating Factor: Only sites that install Co…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-25193
|
2026-05-27 05:24 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2749
|
6.6 |
MEDIUM
Network
|
-
|
-
|
SQL Injection affecting the Access Manager role.
|
CWE-89
SQL Injection
|
CVE-2026-27768
|
2026-05-27 05:24 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2750
|
7.5 |
HIGH
Network
|
-
|
-
|
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-48829
|
2026-05-27 05:19 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
