|
2801
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options direc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44896
|
2026-05-28 22:43 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2802
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44897
|
2026-05-28 22:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2803
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44898
|
2026-05-28 22:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2804
|
5.4 |
MEDIUM
Network
|
apache
|
shiro
|
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login.
In affected versions, insufficient validation of this client-controlled value coul…
|
CWE-601
Open Redirect
|
CVE-2026-48589
|
2026-05-28 22:38 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2805
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44899
|
2026-05-28 22:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2806
|
8.8 |
HIGH
Network
|
tanium
|
connect
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
CWE-78
OS Command
|
CVE-2026-9207
|
2026-05-28 22:31 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2807
|
10.0 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44330
|
2026-05-28 22:06 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2808
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation whe…
|
CWE-59
Link Following
|
CVE-2026-7374
|
2026-05-28 12:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2809
|
7.2 |
HIGH
Network
|
apache
|
syncope
|
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-42782
|
2026-05-28 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2810
|
2.4 |
LOW
Physics
|
-
|
-
|
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68711
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
