|
1661
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45061
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1662
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from the incoming HTTP…
|
CWE-362
Race Condition
|
CVE-2026-44443
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1663
|
5.3 |
MEDIUM
Network
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to t…
|
CWE-200
Information Exposure
|
CVE-2026-42878
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1664
|
3.7 |
LOW
Adjacent
|
-
|
-
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AM…
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-42082
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1665
|
5.3 |
MEDIUM
Network
|
-
|
-
|
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components
|
CWE-89
SQL Injection
|
CVE-2026-38808
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1666
|
8.8 |
HIGH
Network
|
-
|
-
|
Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-38807
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1667
|
7.5 |
HIGH
Network
|
ibm
|
db2
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-6051
|
2026-05-29 00:55 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1668
|
7.5 |
HIGH
Network
|
ibm
|
db2
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-6052
|
2026-05-29 00:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1669
|
5.5 |
MEDIUM
Local
|
ibm
|
db2
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-6053
|
2026-05-29 00:46 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1670
|
6.5 |
MEDIUM
Network
|
ibm
|
i
|
IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-6936
|
2026-05-29 00:46 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
