|
5031
|
- |
|
-
|
-
|
When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41185
|
2026-05-29 03:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5032
|
8.2 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis…
|
CWE-862
Missing Authorization
|
CVE-2026-42083
|
2026-05-29 03:40 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5033
|
7.7 |
HIGH
Network
|
-
|
-
|
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app_apikey routes that trust a caller-provided projectKey after validating only that the API…
|
CWE-284
Improper Access Control
|
CVE-2026-45296
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5034
|
- |
|
-
|
-
|
OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS…
|
CWE-285
CWE-639
CWE-863
Improper Authorization
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-45297
|
2026-05-29 03:40 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5035
|
2.7 |
LOW
Network
|
synology
|
surveillance_station
|
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows …
|
CWE-22
Path Traversal
|
CVE-2024-47267
|
2026-05-29 03:39 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5036
|
4.9 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai…
|
CWE-862
Missing Authorization
|
CVE-2024-47268
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5037
|
10.0 |
CRITICAL
Network
|
-
|
-
|
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…
|
CWE-94
Code Injection
|
CVE-2026-43898
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5038
|
7.1 |
HIGH
Network
|
-
|
-
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the cu…
|
CWE-471
CWE-749
Modification of Assumed-Immutable Data (MAID)
Exposed Dangerous Method or Function
|
CVE-2026-44798
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5039
|
4.9 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with adm…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-47269
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5040
|
2.7 |
LOW
Network
|
synology
|
surveillance_station
|
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-47270
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
