|
2521
|
8.6 |
HIGH
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt st…
|
CWE-193
Off-by-one Error
|
CVE-2026-49127
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2522
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF by…
|
CWE-93
CRLF Injection
|
CVE-2026-49130
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2523
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allow…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49129
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2524
|
4.1 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10052
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2525
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que…
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-10078
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2526
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice tha…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42965
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2527
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows…
|
CWE-287
Improper Authentication
|
CVE-2026-46579
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2528
|
5.4 |
MEDIUM
Network
|
networktocode
|
nautobot
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen…
|
CWE-862
Missing Authorization
|
CVE-2026-44794
|
2026-05-29 22:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2529
|
6.5 |
MEDIUM
Network
|
networktocode
|
nautobot
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a…
|
CWE-400
CWE-1333
Uncontrolled Resource Consumption
Inefficient Regular Expression Complexity
|
CVE-2026-44796
|
2026-05-29 22:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2530
|
8.5 |
HIGH
Network
|
networktocode
|
nautobot
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44797
|
2026-05-29 22:26 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
