|
2641
|
4.3 |
MEDIUM
Network
|
jenkins
|
appspider
|
Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
|
CWE-269
Improper Privilege Management
|
CVE-2026-48923
|
2026-05-29 02:01 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2642
|
4.3 |
MEDIUM
Network
|
jenkins
|
bitbucket_oauth
|
Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
|
CWE-601
Open Redirect
|
CVE-2026-48924
|
2026-05-29 01:59 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2643
|
4.3 |
MEDIUM
Network
|
kostyasha
|
github_integration
|
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.
|
CWE-352
Origin Validation Error
|
CVE-2026-48925
|
2026-05-29 01:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2644
|
6.5 |
MEDIUM
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions han…
|
CWE-704
CWE-754
Incorrect Type Conversion or Cast
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-44324
|
2026-05-29 01:52 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2645
|
5.5 |
MEDIUM
Network
|
jenkins
|
buildgraph-view
|
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
|
CWE-79
Cross-site Scripting
|
CVE-2026-48927
|
2026-05-29 01:52 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2646
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in N…
|
CWE-20
CWE-755
CWE-843
Improper Input Validation
Improper Handling of Exceptional Conditions
Type Confusion
|
CVE-2026-44325
|
2026-05-29 01:51 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2647
|
4.3 |
MEDIUM
Network
|
jenkins
|
multijob
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
|
CWE-352
Origin Validation Error
|
CVE-2026-9674
|
2026-05-29 01:51 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2648
|
5.4 |
MEDIUM
Network
|
synology
|
contacts
|
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users …
|
CWE-79
Cross-site Scripting
|
CVE-2025-13167
|
2026-05-29 01:37 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2649
|
9.4 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attac…
|
CWE-862
Missing Authorization
|
CVE-2026-44326
|
2026-05-29 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2650
|
10.0 |
CRITICAL
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker wh…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-44327
|
2026-05-29 01:24 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
