|
11
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation o…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9573
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
- |
|
-
|
-
|
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interf…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-5509
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proo…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-4392
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer ov…
New
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-4391
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free…
New
|
CWE-119
CWE-416
Incorrect Access of Indexable Resource ('Range Error')
Use After Free
|
CVE-2026-4390
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
6.6 |
MEDIUM
Network
|
-
|
-
|
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48917
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (l…
New
|
CWE-78
OS Command
|
CVE-2026-48687
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
8.5 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check th…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48153
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
8.1 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-48152
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
7.5 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for…
New
|
CWE-862
Missing Authorization
|
CVE-2026-48151
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
