|
1011
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t…
|
CWE-401
CWE-404
Missing Release of Memory after Effective Lifetime
Improper Resource Shutdown or Release
|
CVE-2026-9572
|
2026-05-28 23:32 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
5.3 |
MEDIUM
Network
|
rexxars
|
eventsource-encoder
|
eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage b…
|
CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting
|
CVE-2026-44214
|
2026-05-28 23:30 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer ove…
|
CWE-119
CWE-122
Incorrect Access of Indexable Resource ('Range Error')
Heap-based Buffer Overflow
|
CVE-2026-9605
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can …
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9581
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
7.5 |
HIGH
Network
|
archive\
|
\
|
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), …
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-9538
|
2026-05-28 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
3.1 |
LOW
Network
|
-
|
-
|
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2026-49009
|
2026-05-28 23:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
|
-
|
CVE-2026-48902
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
7.5 |
HIGH
Network
|
-
|
-
|
The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-48901
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48864
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
- |
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An atta…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-47161
|
2026-05-28 23:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
