|
1181
|
5.4 |
MEDIUM
Network
|
apache
|
shiro
|
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.
In affected versions, insufficient validation of this client-controlled value coul…
|
CWE-601
Open Redirect
|
CVE-2026-48589
|
2026-05-28 22:38 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44899
|
2026-05-28 22:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
8.8 |
HIGH
Network
|
tanium
|
connect
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
CWE-78
OS Command
|
CVE-2026-9207
|
2026-05-28 22:31 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1184
|
10.0 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44330
|
2026-05-28 22:06 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1185
|
7.5 |
HIGH
Network
|
-
|
-
|
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it dir…
|
CWE-284
Improper Access Control
|
CVE-2026-32995
|
2026-05-28 14:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation whe…
|
CWE-59
Link Following
|
CVE-2026-7374
|
2026-05-28 12:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
7.2 |
HIGH
Network
|
apache
|
syncope
|
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-42782
|
2026-05-28 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
4.0 |
MEDIUM
Network
|
-
|
-
|
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass i…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-21785
|
2026-05-28 06:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
2.4 |
LOW
Physics
|
-
|
-
|
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68711
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
2.4 |
LOW
Physics
|
-
|
-
|
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68710
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
