|
3031
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and u…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-44710
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3032
|
8.2 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is…
|
CWE-78
CWE-88
OS Command
Argument Injection
|
CVE-2026-44712
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3033
|
8.8 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so…
|
CWE-78
CWE-116
OS Command
Improper Encoding or Escaping of Output
|
CVE-2026-44713
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3034
|
7.4 |
HIGH
Network
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request o…
|
CWE-284
Improper Access Control
|
CVE-2026-47269
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3035
|
6.3 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage…
|
CWE-362
Race Condition
|
CVE-2026-47270
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3036
|
6.1 |
MEDIUM
Network
|
apache
|
echarts
|
A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic.
This issue affects Apache ECharts: from before 6.1.0.
In versions prior to 6.1.0,…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45249
|
2026-05-28 22:48 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3037
|
6.5 |
MEDIUM
Network
|
apache
|
shiro
|
Default configurations of Apache Shiro have a session fixation vulnerability.
This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.
Users are recommended to upgrade to version 2.1.1…
|
CWE-384
Session Fixation
|
CVE-2026-43827
|
2026-05-28 22:47 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3038
|
6.5 |
MEDIUM
Network
|
apache
|
shiro
|
Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute.
This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1.
Users are recommen…
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-43828
|
2026-05-28 22:45 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3039
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_…
|
CWE-862
Missing Authorization
|
CVE-2026-4888
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3040
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action_get_event_data due to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9228
|
2026-05-28 22:45 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
