|
891
|
8.2 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis…
|
CWE-862
Missing Authorization
|
CVE-2026-42083
|
2026-05-29 03:40 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
892
|
7.7 |
HIGH
Network
|
-
|
-
|
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API…
|
CWE-284
Improper Access Control
|
CVE-2026-45296
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
893
|
- |
|
-
|
-
|
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS…
|
CWE-285
CWE-639
CWE-863
Improper Authorization
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-45297
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
894
|
9.6 |
CRITICAL
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user…
|
CWE-94
Code Injection
|
CVE-2026-45311
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
895
|
2.7 |
LOW
Network
|
synology
|
surveillance_station
|
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows …
|
CWE-22
Path Traversal
|
CVE-2024-47267
|
2026-05-29 03:39 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
896
|
4.9 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai…
|
CWE-862
Missing Authorization
|
CVE-2024-47268
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
897
|
- |
|
-
|
-
|
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-8697
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
898
|
10.0 |
CRITICAL
Network
|
-
|
-
|
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…
|
CWE-94
Code Injection
|
CVE-2026-43898
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
899
|
- |
|
-
|
-
|
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-34126
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
900
|
7.1 |
HIGH
Network
|
-
|
-
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the cu…
|
CWE-471
CWE-749
Modification of Assumed-Immutable Data (MAID)
Exposed Dangerous Method or Function
|
CVE-2026-44798
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
