|
181
|
3.7 |
LOW
Network
|
adcisolutions
|
node_view_permissions
|
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing.
This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-8491
|
2026-05-28 00:00 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
8.1 |
HIGH
Network
|
apache
|
apache-airflow-providers-google
|
Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attac…
New
|
CWE-322
Key Exchange without Entity Authentication
|
CVE-2026-45361
|
2026-05-27 23:59 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP…
New
|
CWE-362
Race Condition
|
CVE-2026-44443
|
2026-05-27 23:57 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory …
New
|
CWE-88
Argument Injection
|
CVE-2026-44449
|
2026-05-27 23:57 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the …
New
|
CWE-88
Argument Injection
|
CVE-2026-44450
|
2026-05-27 23:57 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
7.1 |
HIGH
Network
|
-
|
-
|
The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the response, al…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6268
|
2026-05-27 23:55 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8676
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
9.8 |
CRITICAL
Network
|
-
|
-
|
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access)
An unauthenticated remote attacker can access configured databases in a DIAView project.
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-9642
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject A…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42012
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
8.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) fiel…
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-42013
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
