|
3321
|
7.0 |
HIGH
Network
|
-
|
-
|
An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakag…
|
CWE-310
Cryptographic Issues
|
CVE-2026-49000
|
2026-05-27 17:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3322
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically lo…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48999
|
2026-05-27 17:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3323
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Al…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-2255
|
2026-05-27 13:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3324
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notficatio…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-2254
|
2026-05-27 13:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3325
|
7.7 |
HIGH
Network
|
-
|
-
|
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
|
CWE-611
XXE
|
CVE-2026-2253
|
2026-05-27 13:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3326
|
9.8 |
CRITICAL
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer,…
|
CWE-787
CWE-122
CWE-193
Out-of-bounds Write
Heap-based Buffer Overflow
Off-by-one Error
|
CVE-2026-48689
|
2026-05-27 11:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3327
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-8680
|
2026-05-27 08:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3328
|
5.4 |
MEDIUM
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44831
|
2026-05-27 05:39 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3329
|
8.8 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api…
|
CWE-281
CWE-863
Improper Preservation of Permissions
Incorrect Authorization
|
CVE-2026-44832
|
2026-05-27 05:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3330
|
7.1 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header…
|
CWE-601
Open Redirect
|
CVE-2026-44833
|
2026-05-27 05:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
