|
1541
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php…
|
CWE-78
OS Command
|
CVE-2026-48695
|
2026-05-28 00:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1542
|
6.2 |
MEDIUM
Local
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
|
CWE-120
CWE-676
Classic Buffer Overflow
Use of Potentially Dangerous Function
|
CVE-2026-48696
|
2026-05-28 00:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1543
|
7.2 |
HIGH
Network
|
ibm
|
engineering_lifecycle_management
|
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-4051
|
2026-05-28 00:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1544
|
7.2 |
HIGH
Network
|
citeum
|
opencti
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a differ…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-44730
|
2026-05-28 00:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1545
|
7.4 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48697
|
2026-05-28 00:31 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1546
|
5.3 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-fab
|
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache…
|
CWE-90
LDAP Injection
|
CVE-2026-46745
|
2026-05-28 00:31 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1547
|
9.8 |
CRITICAL
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-48691
|
2026-05-28 00:29 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1548
|
6.5 |
MEDIUM
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.…
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2026-41069
|
2026-05-28 00:26 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1549
|
8.1 |
HIGH
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chun…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41071
|
2026-05-28 00:25 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1550
|
- |
|
-
|
-
|
When creating an export through the pretix API, API clients are
returned an UUID value for their export job (a long, random string like
35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the A…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9712
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
