|
3021
|
- |
|
-
|
-
|
Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of CVE-2025-53826. Notes: All CVE users should reference CVE-2025…
|
-
|
CVE-2026-54095
|
2026-06-13 07:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3022
|
- |
|
-
|
-
|
Rejected reason: This candidate was issued in error.
|
-
|
CVE-2020-2521
|
2026-06-13 07:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3023
|
5.5 |
MEDIUM
Local
|
mongodb
|
mongodb
|
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9751
|
2026-06-13 05:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3024
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40988
|
2026-06-13 05:38 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3025
|
5.4 |
MEDIUM
Network
|
vmware
|
spring_security
|
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.
Affected versions:
Spring Security 5.7.0 throug…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41003
|
2026-06-13 05:30 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3026
|
5.3 |
MEDIUM
Network
|
vmware
|
spring_security
|
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41694
|
2026-06-13 05:28 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3027
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
QuTS hero is not affected.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
|
NVD-CWE-noinfo
|
CVE-2025-66276
|
2026-06-13 05:25 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3028
|
6.5 |
MEDIUM
Network
|
qnap
|
qts
quts_hero
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read…
|
CWE-22
Path Traversal
|
CVE-2026-24717
|
2026-06-13 05:21 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3029
|
7.5 |
HIGH
Network
|
qnap
|
qumagie
|
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We hav…
|
CWE-359
CWE-862
Exposure of Private Personal Information to an Unauthorized Actor
Missing Authorization
|
CVE-2026-26237
|
2026-06-13 04:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3030
|
5.5 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-20259
|
2026-06-13 04:50 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
