|
2731
|
- |
|
-
|
-
|
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, uploadedFileSaveIn() in lua/upload/upload.go uses filepath.Join() with the caller-supplied directory but performs no boundary c…
|
CWE-22
Path Traversal
|
CVE-2026-43982
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2732
|
- |
|
-
|
-
|
Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push() and L.PCall() execute. Sin…
|
CWE-362
Race Condition
|
CVE-2026-43981
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2733
|
4.3 |
MEDIUM
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, you can access the local environment by specifying the URL of the local environment from "Image/File URL:" of "From a remote location" in "M…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43936
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2734
|
8.1 |
HIGH
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset l…
|
CWE-20
CWE-807
Improper Input Validation
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-43935
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2735
|
- |
|
-
|
-
|
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.
For succe…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2264
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2736
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24162
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2737
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau…
|
CWE-565
CWE-639
Reliance on Cookies without Validation and Integrity Checking
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8337
|
2026-05-27 02:13 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2738
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9543
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2739
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9530
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2740
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9504
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
