|
2561
|
7.5 |
HIGH
Network
|
-
|
-
|
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-48829
|
2026-05-27 05:19 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2562
|
- |
|
-
|
-
|
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to b…
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-48831
|
2026-05-27 05:19 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2563
|
3.5 |
LOW
Network
|
-
|
-
|
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
|
CWE-601
Open Redirect
|
CVE-2026-48832
|
2026-05-27 05:19 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2564
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Tiktok Feed: from n/a through 1.0.24.
|
CWE-862
Missing Authorization
|
CVE-2026-24520
|
2026-05-27 05:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2565
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Taxi Booking M…
|
CWE-862
Missing Authorization
|
CVE-2026-25426
|
2026-05-27 05:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2566
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WpBookingly: from n/a through 1.2.9.
|
CWE-862
Missing Authorization
|
CVE-2026-25444
|
2026-05-27 05:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2567
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WpTravelly: from n/a through 2.1.5.
|
CWE-862
Missing Authorization
|
CVE-2026-27331
|
2026-05-27 05:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2568
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the a…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9574
|
2026-05-27 05:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2569
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulat…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9575
|
2026-05-27 05:19 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2570
|
9.8 |
CRITICAL
Network
|
litespeedtech
|
litespeed_cpanel_plugin
litespeed_whm_plugin
|
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsona…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-48172
|
2026-05-27 05:19 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
