|
1251
|
- |
|
-
|
-
|
In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques…
|
-
|
CVE-2026-9098
|
2026-05-29 03:00 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1252
|
- |
|
-
|
-
|
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe wi…
|
CWE-22
CWE-269
CWE-284
CWE-732
Path Traversal
Improper Privilege Management
Improper Access Control
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-9789
|
2026-05-29 02:58 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1253
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNo…
|
CWE-20
CWE-617
CWE-755
Improper Input Validation
Reachable Assertion
Improper Handling of Exceptional Conditions
|
CVE-2026-44319
|
2026-05-29 02:50 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1254
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a n…
|
CWE-476
CWE-754
NULL Pointer Dereference
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-44322
|
2026-05-29 02:37 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1255
|
4.3 |
MEDIUM
Network
|
ibm
|
business_automation_workflow
|
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-1248
|
2026-05-29 02:19 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1256
|
6.6 |
MEDIUM
Network
|
jenkins
|
active_directory
|
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48918
|
2026-05-29 02:17 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1257
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-9818
|
2026-05-29 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1258
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9531
|
2026-05-29 02:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1259
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer o…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-9482
|
2026-05-29 02:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1260
|
7.5 |
HIGH
Network
|
-
|
-
|
Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to es…
|
CWE-22
Path Traversal
|
CVE-2026-48544
|
2026-05-29 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
