|
211
|
6.1 |
MEDIUM
Local
|
-
|
-
|
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation.
New
|
CWE-346
Origin Validation Error
|
CVE-2025-66592
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
6.1 |
MEDIUM
Local
|
-
|
-
|
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation.
New
|
CWE-346
Origin Validation Error
|
CVE-2025-66593
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
6.2 |
MEDIUM
Local
|
-
|
-
|
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive informatio…
New
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-2237
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-3012
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote at…
New
|
CWE-1288
Improper Validation of Consistency within Input
|
CVE-2026-9689
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem wri…
New
|
CWE-284
Improper Access Control
|
CVE-2026-1933
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to i…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-2340
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token …
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-9704
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
6.8 |
MEDIUM
Network
|
-
|
-
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
New
|
CWE-89
SQL Injection
|
CVE-2026-9617
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
5.3 |
MEDIUM
Network
|
-
|
-
|
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message …
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-28765
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
