|
1581
|
8.1 |
HIGH
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset l…
New
|
CWE-20
CWE-807
Improper Input Validation
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-43935
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1582
|
- |
|
-
|
-
|
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so th…
New
|
CWE-552
CWE-918
Files or Directories Accessible to External Parties
Server-Side Request Forgery (SSRF)
|
CVE-2026-40564
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1583
|
- |
|
-
|
-
|
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
New
|
CWE-22
Path Traversal
|
CVE-2026-40384
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1584
|
- |
|
-
|
-
|
An improper access check allows unauthorized access to com_config webservice endpoints.
New
|
CWE-284
Improper Access Control
|
CVE-2026-35223
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1585
|
- |
|
-
|
-
|
A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens.
For succe…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-2264
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1586
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code exec…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24162
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1587
|
5.3 |
MEDIUM
Network
|
-
|
-
|
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the inst…
New
|
CWE-1392
Use of Default Credentials
|
CVE-2025-36221
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1588
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, …
New
|
CWE-89
SQL Injection
|
CVE-2025-36220
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1589
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-36148
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1590
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
New
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36145
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
