|
2401
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau…
|
CWE-565
CWE-639
Reliance on Cookies without Validation and Integrity Checking
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8337
|
2026-05-27 02:13 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2402
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9543
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2403
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9530
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2404
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9504
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2405
|
- |
|
-
|
-
|
IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable
for a NULL pointer dereferencing, if a specially crafted
sequence of messages is sent for a certain time, causing
Denial of Service …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8479
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2406
|
- |
|
-
|
-
|
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template bra…
|
-
|
CVE-2026-48683
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2407
|
7.6 |
HIGH
Network
|
-
|
-
|
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following proces…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45082
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2408
|
6.2 |
MEDIUM
Local
|
-
|
-
|
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42627
|
2026-05-27 01:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2409
|
- |
|
-
|
-
|
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-l…
|
-
|
CVE-2026-38587
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2410
|
7.0 |
HIGH
Local
|
samba
|
rsync
|
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replac…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-29518
|
2026-05-27 01:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
