|
1051
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Serv…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-6914
|
2026-05-1 00:13 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1052
|
6.3 |
MEDIUM
Network
|
-
|
-
|
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect h…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-6915
|
2026-05-1 00:13 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1053
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
|
CWE-862
Missing Authorization
|
CVE-2026-42519
|
2026-05-1 00:11 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1054
|
7.5 |
HIGH
Network
|
-
|
-
|
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write file…
|
CWE-22
Path Traversal
|
CVE-2026-42520
|
2026-05-1 00:11 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1055
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42521
|
2026-05-1 00:11 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1056
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacke…
|
CWE-862
Missing Authorization
|
CVE-2026-42522
|
2026-05-1 00:11 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1057
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, res…
|
CWE-124
CWE-191
Buffer Underflow
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-26204
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1058
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security…
|
CWE-307
CWE-362
CWE-367
mproper Restriction of Excessive Authentication Attempts
Race Condition
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-26206
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1059
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() i…
|
CWE-121
CWE-400
Stack-based Buffer Overflow
Uncontrolled Resource Consumption
|
CVE-2026-28221
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1060
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchroniz…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-30893
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
