|
2051
|
- |
|
-
|
-
|
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetc…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45412
|
2026-05-28 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2052
|
- |
|
-
|
-
|
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute f…
|
CWE-328
Use of Weak Hash
|
CVE-2026-45413
|
2026-05-28 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2053
|
7.4 |
HIGH
Network
|
-
|
-
|
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI netwo…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-45575
|
2026-05-28 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2054
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic he…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-47672
|
2026-05-28 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2055
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-44900
|
2026-05-28 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2056
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS c…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-45574
|
2026-05-28 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2057
|
- |
|
-
|
-
|
Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban.Web.Jobs.DetailComponent' modules) allows unauthorized job worker substitution.
The handle_event("save-job", ...) handler in 'El…
|
CWE-862
Missing Authorization
|
CVE-2026-48592
|
2026-05-28 04:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2058
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oban.Web.CronExpr' modules) allows memory exhaustion via unbounded cron range expansion.
An attacker with access to sched…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-48593
|
2026-05-28 04:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2059
|
5.9 |
MEDIUM
Network
|
putty
|
putty
|
PuTTY 0.72 before 0.84 has a double free in RSA KEX.
|
CWE-415
Double Free
|
CVE-2026-48850
|
2026-05-28 04:14 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2060
|
3.1 |
LOW
Network
|
putty
|
putty
|
PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-48851
|
2026-05-28 04:12 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
