|
31
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-34910
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an und…
New
|
CWE-22
Path Traversal
|
CVE-2026-34909
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
New
|
CWE-284
Improper Access Control
|
CVE-2026-34908
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-33000
|
2026-05-22 11:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
7.8 |
HIGH
Local
|
mullvad
|
mullvad_vpn
|
Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer…
Update
|
CWE-269
CWE-345
CWE-427
NVD-CWE-noinfo
Improper Privilege Management
Insufficient Verification of Data Authenticity
Uncontrolled Search Path Element
|
CVE-2026-32323
|
2026-05-22 09:04 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
4.3 |
MEDIUM
Network
|
glpi-project
|
glpi
|
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-32312
|
2026-05-22 08:57 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
3.5 |
LOW
Network
|
github
|
cli
|
`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie…
Update
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-45803
|
2026-05-22 08:47 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
10.0 |
CRITICAL
Network
|
microsoft
|
azure_local
azure_resource_manager
|
Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-42822
|
2026-05-22 08:45 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
39
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-5297
|
2026-05-22 08:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
- |
|
-
|
-
|
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4…
New
|
CWE-352
CWE-1275
Origin Validation Error
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2026-8435
|
2026-05-22 07:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
