|
3641
|
4.0 |
MEDIUM
Network
|
-
|
-
|
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass i…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-21785
|
2026-06-2 03:04 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3642
|
7.5 |
HIGH
Network
|
-
|
-
|
The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 accepts a client-supplied IMessage object and passes it dir…
|
CWE-284
Improper Access Control
|
CVE-2026-32995
|
2026-06-2 03:04 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3643
|
8.1 |
HIGH
Network
|
portainer
|
portainer
|
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
|
CWE-863
Incorrect Authorization
|
CVE-2026-44882
|
2026-06-2 03:03 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3644
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A race condition in the shared Extreme Platform
ONE IAM Gateway API-key authentication path could, under specific
high-concurrency traffic conditions, intermittently allow requests
authenticated with…
|
CWE-362
CWE-488
Race Condition
Exposure of Data Element to Wrong Session
|
CVE-2026-9831
|
2026-06-2 03:02 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3645
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that ena…
|
CWE-79
CWE-306
CWE-319
Cross-site Scripting
Missing Authentication for Critical Function
Cleartext Transmission of Sensitive Information
|
CVE-2026-25599
|
2026-06-2 03:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3646
|
6.4 |
MEDIUM
Local
|
-
|
-
|
The PDBM application relies on a static, hard‑coded secret embedded
in the PDBM.exe executable. This secret is used by the application’s
encryption routines, including the function responsible for …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-25600
|
2026-06-2 03:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3647
|
- |
|
-
|
-
|
Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IO…
|
-
|
CVE-2026-8501
|
2026-06-2 03:02 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3648
|
9.9 |
CRITICAL
Network
|
portainer
|
portainer
|
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
|
CWE-59
CWE-200
Link Following
Information Exposure
|
CVE-2026-44881
|
2026-06-2 03:02 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3649
|
8.5 |
HIGH
Network
|
portainer
|
portainer
|
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
|
CWE-863
Incorrect Authorization
|
CVE-2026-44850
|
2026-06-2 02:59 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3650
|
8.8 |
HIGH
Network
|
portainer
|
portainer
|
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
|
CWE-862
Missing Authorization
|
CVE-2026-44849
|
2026-06-2 02:59 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
