|
581
|
7.5 |
HIGH
Network
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi…
|
CWE-276
Incorrect Default Permissions
|
CVE-2025-32749
|
2026-05-23 05:44 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
582
|
8.2 |
HIGH
Local
|
-
|
-
|
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoT…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5817
|
2026-05-23 05:44 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
583
|
8.2 |
HIGH
Local
|
-
|
-
|
The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configur…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5843
|
2026-05-23 05:44 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
584
|
5.5 |
MEDIUM
Local
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2025-32751
|
2026-05-23 05:40 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
585
|
5.5 |
MEDIUM
Local
|
dell
|
powerflex_appliance_intelligent_catalog
powerflex_manager
powerflex_rack
|
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially explo…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2025-46371
|
2026-05-23 05:40 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
586
|
7.1 |
HIGH
Network
|
-
|
-
|
Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve a…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-9291
|
2026-05-23 05:31 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
587
|
8.8 |
HIGH
Local
|
-
|
-
|
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6406
|
2026-05-23 05:31 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
588
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.11.0 through 2.28.1 allow any authenticated user to inject arbitrary HTML by updating their account's font family. Upon explo…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40596
|
2026-05-23 05:31 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
589
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Pol…
|
CWE-79
CWE-358
Cross-site Scripting
Improperly Implemented Security Check for Standard
|
CVE-2026-40597
|
2026-05-23 05:31 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
590
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.11.0 through 2.28.1, a Stored XSS vulnerability is caused by incorrect escaping of a saved filter's owner, allowing an att…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40607
|
2026-05-23 05:31 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
