|
2221
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44899
|
2026-05-28 22:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2222
|
8.8 |
HIGH
Network
|
tanium
|
connect
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
CWE-78
OS Command
|
CVE-2026-9207
|
2026-05-28 22:31 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2223
|
10.0 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44330
|
2026-05-28 22:06 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2224
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation whe…
|
CWE-59
Link Following
|
CVE-2026-7374
|
2026-05-28 12:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2225
|
7.2 |
HIGH
Network
|
apache
|
syncope
|
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-42782
|
2026-05-28 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2226
|
2.4 |
LOW
Physics
|
-
|
-
|
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68711
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2227
|
2.4 |
LOW
Physics
|
-
|
-
|
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68710
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2228
|
2.4 |
LOW
Physics
|
-
|
-
|
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68708
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2229
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1402
|
2026-05-28 05:53 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2230
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authentic…
|
CWE-862
Missing Authorization
|
CVE-2026-2601
|
2026-05-28 05:53 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
