|
2881
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the …
|
CWE-269
Improper Privilege Management
|
CVE-2026-8809
|
2026-05-29 11:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2882
|
- |
|
-
|
-
|
Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9961
|
2026-05-29 11:35 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2883
|
- |
|
-
|
-
|
Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-787
Out-of-bounds Write
|
CVE-2026-9965
|
2026-05-29 11:35 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2884
|
7.5 |
HIGH
Network
|
benoitc
|
hackney
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,…
|
CWE-93
CRLF Injection
|
CVE-2026-47072
|
2026-05-29 05:27 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2885
|
7.5 |
HIGH
Network
|
benoitc
|
hackney
|
Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL …
|
CWE-93
CRLF Injection
|
CVE-2026-47075
|
2026-05-29 05:26 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2886
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portio…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-9078
|
2026-05-29 05:20 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2887
|
4.9 |
MEDIUM
Network
|
apache
|
syncope
|
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a…
|
CWE-202
Exposure of Sensitive Information Through Data Queries
|
CVE-2026-42797
|
2026-05-29 05:19 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2888
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise featu…
|
CWE-862
Missing Authorization
|
CVE-2026-46425
|
2026-05-29 05:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2889
|
7.8 |
HIGH
Local
|
codesys
|
development_system
|
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the comp…
|
CWE-276
NVD-CWE-noinfo
Incorrect Default Permissions
|
CVE-2026-44468
|
2026-05-29 05:11 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2890
|
7.0 |
HIGH
Local
|
codesys
|
development_system
|
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU r…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-44469
|
2026-05-29 05:09 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
