|
2151
|
8.1 |
HIGH
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset l…
|
CWE-20
CWE-807
Improper Input Validation
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-43935
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2152
|
- |
|
-
|
-
|
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so th…
|
CWE-552
CWE-918
Files or Directories Accessible to External Parties
Server-Side Request Forgery (SSRF)
|
CVE-2026-40564
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2153
|
- |
|
-
|
-
|
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.
For succe…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2264
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2154
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24162
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2155
|
5.3 |
MEDIUM
Network
|
-
|
-
|
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the inst…
|
CWE-1392
Use of Default Credentials
|
CVE-2025-36221
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2156
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, …
|
CWE-89
SQL Injection
|
CVE-2025-36220
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2157
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo…
|
CWE-79
Cross-site Scripting
|
CVE-2025-36148
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2158
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36145
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2159
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows…
|
CWE-79
Cross-site Scripting
|
CVE-2025-36126
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2160
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2025-14290
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
