|
2751
|
8.0 |
HIGH
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an…
|
CWE-22
Path Traversal
|
CVE-2026-4858
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2752
|
8.4 |
HIGH
Network
|
-
|
-
|
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent mac…
|
CWE-77
Command Injection
|
CVE-2026-2740
|
2026-05-22 00:26 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2753
|
7.1 |
HIGH
Network
|
-
|
-
|
Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass.
Thi…
|
CWE-359
CWE-522
Exposure of Private Personal Information to an Unauthorized Actor
Insufficiently Protected Credentials
|
CVE-2025-13477
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2754
|
7.5 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers.
This issue affects QR Menu: throug…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-13479
|
2026-05-22 00:24 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2755
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking.
This issue affects Mobile Application: from 1.6.2 b…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-1815
|
2026-05-22 00:24 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2756
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force.
This issue affects Mobile Appli…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-1816
|
2026-05-22 00:24 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2757
|
5.3 |
MEDIUM
Network
|
isc
|
bind
|
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sendin…
|
CWE-606
Unchecked Input for Loop Condition
|
CVE-2026-5950
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2758
|
5.9 |
MEDIUM
Network
|
isc
|
bind
|
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. …
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2026-5947
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2759
|
9.8 |
CRITICAL
Network
|
isc
|
bind
|
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BI…
|
CWE-416
Use After Free
|
CVE-2026-3593
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2760
|
7.5 |
HIGH
Network
|
isc
|
bind
|
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes…
|
CWE-20
CWE-125
CWE-617
CWE-754
CWE-843
Improper Input Validation
Out-of-bounds Read
Reachable Assertion
Improper Check for Unusual or Exceptional Conditions
Type Confusion
|
CVE-2026-5946
|
2026-05-22 00:24 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
