|
2251
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48248
|
2026-05-26 23:16 |
2026-05-22 |
|
2252
|
4.1 |
MEDIUM
Network
|
-
|
-
|
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Comp…
|
CWE-89
SQL Injection
|
CVE-2026-48136
|
2026-05-26 23:16 |
2026-05-26 |
|
2253
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.
The issue is related to HTTP request parsing and validation.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48135
|
2026-05-26 23:16 |
2026-05-26 |
|
2254
|
7.5 |
HIGH
Network
|
-
|
-
|
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-48133
|
2026-05-26 23:16 |
2026-05-26 |
|
2255
|
8.1 |
HIGH
Network
|
-
|
-
|
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48131
|
2026-05-26 23:16 |
2026-05-26 |
|
2256
|
7.1 |
HIGH
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. Whil…
|
CWE-284, CWE-522, CWE-639
Improper Access Control; Insufficiently Protected Credentials; Authorization Bypass Through User-Controlled Key
|
CVE-2026-39968
|
2026-05-26 23:16 |
2026-05-23 |
|
2257
|
7.5 |
HIGH
Network
|
-
|
-
|
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attack…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-11482
|
2026-05-26 23:16 |
2026-05-26 |
|
2258
|
6.5 |
MEDIUM
Network
|
splunk
|
ai_toolkit
|
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…
|
CWE-863
Incorrect Authorization
|
CVE-2026-20238
|
2026-05-26 21:45 |
2026-05-21 |
|
2259
|
3.8 |
LOW
Network
|
-
|
-
|
This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma…
|
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
|
CVE-2026-44410
|
2026-05-26 19:16 |
2026-05-26 |
|
2260
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion.
This issue affects SW Core…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39661
|
2026-05-26 18:16 |
2026-05-26 |