|
2031
|
5.4 |
MEDIUM
Network
|
apache
|
shiro
|
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.
In affected versions, insufficient validation of this client-controlled value coul…
|
CWE-601
Open Redirect
|
CVE-2026-48589
|
2026-05-28 22:38 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2032
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44899
|
2026-05-28 22:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2033
|
8.8 |
HIGH
Network
|
tanium
|
connect
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
CWE-78
OS Command
|
CVE-2026-9207
|
2026-05-28 22:31 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2034
|
10.0 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44330
|
2026-05-28 22:06 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2035
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation whe…
|
CWE-59
Link Following
|
CVE-2026-7374
|
2026-05-28 12:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2036
|
7.2 |
HIGH
Network
|
apache
|
syncope
|
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-42782
|
2026-05-28 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2037
|
2.4 |
LOW
Physics
|
-
|
-
|
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68711
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2038
|
2.4 |
LOW
Physics
|
-
|
-
|
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68710
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2039
|
2.4 |
LOW
Physics
|
-
|
-
|
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68708
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2040
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1402
|
2026-05-28 05:53 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
