|
2841
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allow…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49129
|
2026-05-29 23:07 |
2026-05-29 |
|
2842
|
4.1 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10052
|
2026-05-29 23:06 |
2026-05-29 |
|
2843
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que…
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-10078
|
2026-05-29 23:06 |
2026-05-29 |
|
2844
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice tha…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42965
|
2026-05-29 23:06 |
2026-05-29 |
|
2845
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows…
|
CWE-287
Improper Authentication
|
CVE-2026-46579
|
2026-05-29 23:06 |
2026-05-29 |
|
2846
|
5.4 |
MEDIUM
Network
|
networktocode
|
nautobot
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to referen…
|
CWE-862
Missing Authorization
|
CVE-2026-44794
|
2026-05-29 22:29 |
2026-05-29 |
|
2847
|
6.5 |
MEDIUM
Network
|
networktocode
|
nautobot
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to a…
|
CWE-400, CWE-1333
Uncontrolled Resource Consumption; Inefficient Regular Expression Complexity
|
CVE-2026-44796
|
2026-05-29 22:27 |
2026-05-29 |
|
2848
|
8.5 |
HIGH
Network
|
networktocode
|
nautobot
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44797
|
2026-05-29 22:26 |
2026-05-29 |
|
2849
|
- |
|
-
|
-
|
Rejected reason: Further research determined the issue is not a vulnerability.
|
-
|
CVE-2026-45611
|
2026-05-29 22:16 |
2026-05-29 |
|
2850
|
4.4 |
MEDIUM
Network
|
-
|
-
|
The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.19. This is due to insufficient output escaping of imported snippet conte…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7430
|
2026-05-29 22:09 |
2026-05-29 |
|