|
1031
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the aff…
|
CWE-94
Code Injection
|
CVE-2026-32999
|
2026-05-30 00:39 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1032
|
- |
|
-
|
-
|
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavily restricted.
More precise…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-9828
|
2026-05-30 00:39 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
- |
|
-
|
-
|
When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embe…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-6720
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
6.5 |
MEDIUM
Network
|
-
|
-
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the fix for CVE-2026-33509 prevents setting storage_folder inside PKGDIR or userdir, but does NOT protect…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2026-45306
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
8.7 |
HIGH
Network
|
-
|
-
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates …
|
CWE-79
Cross-site Scripting
|
CVE-2026-45348
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
5.0 |
MEDIUM
Network
|
-
|
-
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46561
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
8.8 |
HIGH
Network
|
-
|
-
|
vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm/model_executor/models/nemotron_vl.py` and …
|
CWE-22
Path Traversal
|
CVE-2026-4944
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
- |
|
-
|
-
|
In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-49299
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
7.1 |
HIGH
Network
|
-
|
-
|
An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input fi…
|
CWE-89
SQL Injection
|
CVE-2026-4776
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1040
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests f…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-9557
|
2026-05-30 00:39 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
