|
1321
|
- |
|
-
|
-
|
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-49299
|
2026-06-3 05:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1322
|
- |
|
-
|
-
|
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49017
|
2026-06-3 05:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1323
|
8.1 |
HIGH
Network
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display manage…
|
CWE-863
Incorrect Authorization
|
CVE-2026-48064
|
2026-06-3 05:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1324
|
7.8 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou…
|
CWE-78
OS Command
|
CVE-2026-44709
|
2026-06-3 05:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1325
|
8.6 |
HIGH
Local
|
zed
|
zed
|
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $((...)), allowing execution of arbitrary commands nested inside an allowli…
|
CWE-78
OS Command
|
CVE-2026-44466
|
2026-06-3 05:14 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1326
|
8.2 |
HIGH
Network
|
ibm
|
cognos_analytics
cognos_transformer
|
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to …
|
CWE-79
Cross-site Scripting
|
CVE-2025-3633
|
2026-06-3 05:05 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1327
|
7.5 |
HIGH
Network
|
ibm
|
db2
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1718
|
2026-06-3 05:02 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1328
|
6.5 |
MEDIUM
Network
|
redhat
samba
|
openshift_container_platform
samba
enterprise_linux
|
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem wri…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-1933
|
2026-06-3 05:01 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1329
|
6.8 |
MEDIUM
Local
|
synology
|
beedrive
|
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-11399
|
2026-06-3 04:55 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1330
|
7.5 |
HIGH
Network
|
ibm
|
infosphere_optim_test_data_fabrication
|
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An…
|
CWE-22
Path Traversal
|
CVE-2026-3366
|
2026-06-3 04:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
