|
2521
|
7.3 |
HIGH
Network
|
-
|
-
|
IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID.
When decode_ux() in bin/…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-48961
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2522
|
7.5 |
HIGH
Network
|
-
|
-
|
IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.
fastForward() compares length $offset (the digit count of the offset, 1 to 19) agains…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-48959
|
2026-05-30 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2523
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Eas…
|
CWE-269
CWE-284
CWE-306
Improper Privilege Management
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-46824
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2524
|
7.7 |
HIGH
Network
|
-
|
-
|
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily ex…
|
CWE-863
Incorrect Authorization
|
CVE-2026-46823
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2525
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all…
|
CWE-284
Improper Access Control
|
CVE-2026-46822
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2526
|
7.7 |
HIGH
Network
|
-
|
-
|
Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable v…
|
CWE-284
Improper Access Control
|
CVE-2026-46821
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2527
|
- |
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authent…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45342
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2528
|
7.5 |
HIGH
Network
|
-
|
-
|
CryptX versions before 0.088_001 for Perl have a stack buffer overflow in four AEAD decrypt_verify helpers.
The gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify and eax_decryp…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41565
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2529
|
7.3 |
HIGH
Network
|
-
|
-
|
An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-30761
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2530
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call.
|
CWE-20
Improper Input Validation
|
CVE-2026-30760
|
2026-05-30 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
