|
1891
|
- |
|
-
|
-
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1…
|
CWE-862
Missing Authorization
|
CVE-2026-33137
|
2026-05-27 04:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1892
|
- |
|
-
|
-
|
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator passwor…
|
CWE-20
Improper Input Validation
|
CVE-2026-3294
|
2026-05-27 04:08 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1893
|
- |
|
-
|
-
|
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary na…
|
CWE-647
Use of Non-Canonical URL Paths for Authorization Decisions
|
CVE-2026-5222
|
2026-05-27 04:08 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1894
|
- |
|
-
|
-
|
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-5223
|
2026-05-27 04:08 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1895
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41104
|
2026-05-27 04:06 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1896
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-4915
|
2026-05-27 04:06 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1897
|
- |
|
-
|
-
|
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, thi…
|
CWE-22
CWE-269
CWE-284
CWE-732
Path Traversal
Improper Privilege Management
Improper Access Control
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-9489
|
2026-05-27 04:05 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1898
|
- |
|
-
|
-
|
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user t…
|
CWE-269
Improper Privilege Management
|
CVE-2026-9490
|
2026-05-27 04:05 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1899
|
7.2 |
HIGH
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue a…
|
CWE-23
CWE-98
CWE-434
Relative Path Traversal
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-8134
|
2026-05-27 04:02 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1900
|
8.8 |
HIGH
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…
|
CWE-352
CWE-1275
Origin Validation Error
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2026-8413
|
2026-05-27 04:01 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
