|
3351
|
7.8 |
HIGH
Local
|
-
|
-
|
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config…
|
CWE-1066
|
CVE-2026-4372
|
2026-05-27 05:06 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3352
|
- |
|
-
|
-
|
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-9274
|
2026-05-27 05:04 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3353
|
5.4 |
MEDIUM
Network
|
-
|
-
|
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with…
|
CWE-352
Origin Validation Error
|
CVE-2026-40864
|
2026-05-27 05:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3354
|
7.1 |
HIGH
Network
|
-
|
-
|
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in…
|
CWE-352
Origin Validation Error
|
CVE-2026-41074
|
2026-05-27 05:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3355
|
8.8 |
HIGH
Network
|
-
|
-
|
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft i…
|
CWE-89
SQL Injection
|
CVE-2026-41075
|
2026-05-27 05:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3356
|
4.6 |
MEDIUM
Network
|
-
|
-
|
RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled …
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-41073
|
2026-05-27 05:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3357
|
8.1 |
HIGH
Network
|
-
|
-
|
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations…
|
CWE-287
Improper Authentication
|
CVE-2026-41076
|
2026-05-27 05:03 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3358
|
- |
|
-
|
-
|
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions perf…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40127
|
2026-05-27 05:00 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3359
|
- |
|
-
|
-
|
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the serv…
|
CWE-22
Path Traversal
|
CVE-2026-7766
|
2026-05-27 04:59 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3360
|
- |
|
-
|
-
|
Szafir SDK returns a success status code from the cryptographic digital signature verification process (i.e. /VerifyingTaskItem/Signature/VerificationResult/Result/@code == 0, "Positively verified") …
|
CWE-393
CWE-637
Return of Wrong Status Code
|
CVE-2026-9058
|
2026-05-27 04:59 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
