|
2861
|
7.5 |
HIGH
Network
|
-
|
-
|
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tag…
|
CWE-73
CWE-306
CWE-552
External Control of File Name or Path
Missing Authentication for Critical Function
Files or Directories Accessible to External Parties
|
CVE-2026-45088
|
2026-05-28 03:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2862
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-44451
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2863
|
4.3 |
MEDIUM
Network
|
-
|
-
|
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
|
CWE-79
Cross-site Scripting
|
CVE-2026-36239
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2864
|
5.2 |
MEDIUM
Adjacent
|
-
|
-
|
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URI…
|
CWE-79
Cross-site Scripting
|
CVE-2025-68709
|
2026-05-28 03:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2865
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi…
|
CWE-94
Code Injection
|
CVE-2026-8633
|
2026-05-28 03:12 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2866
|
7.8 |
HIGH
Local
|
openvpn
|
connect
|
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
|
CWE-78
CWE-267
CWE-270
CWE-648
OS Command
Privilege Defined With Unsafe Actions
Privilege Context Switching Error
Incorrect Use of Privileged APIs
|
CVE-2026-9560
|
2026-05-28 03:08 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2867
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects The Post Grid: from n/a through 7.9.2.
|
CWE-862
Missing Authorization
|
CVE-2026-49054
|
2026-05-28 02:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2868
|
9.1 |
CRITICAL
Network
|
-
|
-
|
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().
send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cm…
|
CWE-73
CWE-78
External Control of File Name or Path
OS Command
|
CVE-2026-8450
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2869
|
7.3 |
HIGH
Network
|
-
|
-
|
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
_parseOutputGlob() wraps the caller-supplied output glob string in …
|
CWE-95
Eval Injection
|
CVE-2026-48962
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2870
|
- |
|
-
|
-
|
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available…
|
CWE-506
Embedded Malicious Code
|
CVE-2026-48027
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
