|
901
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in fun…
Update
|
CWE-94
Code Injection
|
CVE-2026-37712
|
2026-05-29 02:16 |
2026-05-28 |
|
902
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that a…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-24444
|
2026-05-29 02:16 |
2026-05-29 |
|
903
|
5.5 |
MEDIUM
Local
|
libusb
|
libusb
|
libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-23679
|
2026-05-29 02:16 |
2026-05-27 |
|
904
|
5.5 |
MEDIUM
Local
|
-
|
-
|
SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mec…
Update
|
CWE-285, CWE-287
Improper Authorization, Improper Authentication
|
CVE-2025-68712
|
2026-05-29 02:16 |
2026-05-28 |
|
905
|
6.6 |
MEDIUM
Network
|
jenkins
|
active_directory
|
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48919
|
2026-05-29 02:14 |
2026-05-28 |
|
906
|
8.8 |
HIGH
Network
|
jenkins
|
email_extension
|
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c…
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-48920
|
2026-05-29 02:14 |
2026-05-28 |
|
907
|
7.5 |
HIGH
Network
|
jenkins
|
pipeline\
|
Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a…
Update
|
CWE-59
Link Following
|
CVE-2026-48921
|
2026-05-29 02:06 |
2026-05-28 |
|
908
|
6.5 |
MEDIUM
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions han…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-44323
|
2026-05-29 02:02 |
2026-05-28 |
|
909
|
7.5 |
HIGH
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to w…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-48922
|
2026-05-29 02:01 |
2026-05-28 |
|
910
|
4.3 |
MEDIUM
Network
|
jenkins
|
appspider
|
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-48923
|
2026-05-29 02:01 |
2026-05-28 |