|
1641
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.
The issue is related to HTTP request parsing and validation.
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48135
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1642
|
7.5 |
HIGH
Network
|
-
|
-
|
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-48133
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1643
|
8.1 |
HIGH
Network
|
-
|
-
|
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48131
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1644
|
7.1 |
HIGH
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. Whil…
New
|
CWE-284
CWE-522
CWE-639
Improper Access Control
Insufficiently Protected Credentials
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39968
|
2026-05-26 23:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1645
|
7.5 |
HIGH
Network
|
-
|
-
|
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30
Operating System versions before 1.8.0 may be used by an unauthenticated network-based attack…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-11482
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1646
|
6.5 |
MEDIUM
Network
|
splunk
|
ai_toolkit
|
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-20238
|
2026-05-26 21:45 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1647
|
3.8 |
LOW
Network
|
-
|
-
|
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out ma…
New
|
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
|
CVE-2026-44410
|
2026-05-26 19:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1648
|
7.8 |
HIGH
Local
|
-
|
-
|
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25713
|
2026-05-26 19:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1649
|
7.8 |
HIGH
Local
|
-
|
-
|
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-25104
|
2026-05-26 19:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1650
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW Core allows PHP Local File Inclusion.
This issue affects SW Core…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39661
|
2026-05-26 18:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
