|
2091
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.
The issue is related to HTTP request parsing and validation.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48135
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2092
|
7.5 |
HIGH
Network
|
-
|
-
|
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-48133
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2093
|
8.1 |
HIGH
Network
|
-
|
-
|
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48131
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2094
|
7.1 |
HIGH
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. Whil…
|
CWE-284
CWE-522
CWE-639
Improper Access Control
Insufficiently Protected Credentials
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39968
|
2026-05-26 23:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2095
|
7.5 |
HIGH
Network
|
-
|
-
|
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30
Operating System versions before 1.8.0 may be used by an unauthenticated network-based attack…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-11482
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2096
|
6.5 |
MEDIUM
Network
|
splunk
|
ai_toolkit
|
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…
|
CWE-863
Incorrect Authorization
|
CVE-2026-20238
|
2026-05-26 21:45 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2097
|
3.8 |
LOW
Network
|
-
|
-
|
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma…
|
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
|
CVE-2026-44410
|
2026-05-26 19:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2098
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion.
This issue affects SW Core…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39661
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2099
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection.
This issue affects Nyla: from n/a through 1.7.
|
CWE-80
Basic XSS
|
CVE-2026-39642
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2100
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.
This issue affects Geo Mashup: from n/a through 1.13.18.
|
CWE-79
Cross-site Scripting
|
CVE-2026-27427
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
