| 2981 | - | | - | - | A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted… | CWE-122 Heap-based Buffer Overflow | CVE-2026-7310 | 2026-05-26 23:16 | 2026-05-26 |
| 2982 | 5.9 | MEDIUM Network | - | - | Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing … | CWE-295 Improper Certificate Validation | CVE-2026-48249 | 2026-05-26 23:16 | 2026-05-22 |
| 2983 | 5.9 | MEDIUM Network | - | - | Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H… | CWE-295 Improper Certificate Validation | CVE-2026-48248 | 2026-05-26 23:16 | 2026-05-22 |
| 2984 | 4.1 | MEDIUM Network | - | - | When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Comp… | CWE-89 SQL Injection | CVE-2026-48136 | 2026-05-26 23:16 | 2026-05-26 |
| 2985 | 5.3 | MEDIUM Network | - | - | A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation. | CWE-122 Heap-based Buffer Overflow | CVE-2026-48135 | 2026-05-26 23:16 | 2026-05-26 |
| 2986 | 7.5 | HIGH Network | - | - | When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. | CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | CVE-2026-48133 | 2026-05-26 23:16 | 2026-05-26 |
| 2987 | 8.1 | HIGH Network | - | - | The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r… | CWE-122 Heap-based Buffer Overflow | CVE-2026-48131 | 2026-05-26 23:16 | 2026-05-26 |
| 2988 | 7.1 | HIGH Network | - | - | TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. Whil… | CWE-284 Improper Access Control; CWE-522 Insufficiently Protected Credentials; CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-39968 | 2026-05-26 23:16 | 2026-05-23 |
| 2989 | 7.5 | HIGH Network | - | - | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attack… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2025-11482 | 2026-05-26 23:16 | 2026-05-26 |
| 2990 | 6.5 | MEDIUM Network | splunk | ai_toolkit | In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations… | CWE-863 Incorrect Authorization | CVE-2026-20238 | 2026-05-26 21:45 | 2026-05-21 |