|
2041
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
|
CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
|
CVE-2025-36145
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2042
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows…
|
CWE-79
Cross-site Scripting
|
CVE-2025-36126
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2043
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2025-14290
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2044
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau…
|
CWE-565
CWE-639
Reliance on Cookies without Validation and Integrity Checking
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8337
|
2026-05-27 02:13 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2045
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9543
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2046
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9530
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2047
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9504
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2048
|
- |
|
-
|
-
|
IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable
for a NULL pointer dereferencing, if a specially crafted
sequence of messages is sent for a certain time, causing
Denial of Service …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8479
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2049
|
- |
|
-
|
-
|
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template bra…
|
-
|
CVE-2026-48683
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2050
|
7.6 |
HIGH
Network
|
-
|
-
|
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following proces…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45082
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
