|
1451
|
8.3 |
HIGH
Network
|
-
|
-
|
Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
|
CWE-416
Use After Free
|
CVE-2026-10000
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1452
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The atta…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-10061
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1453
|
9.8 |
CRITICAL
Network
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The functi…
|
CWE-798
CWE-1392
Use of Hard-coded Credentials
Use of Default Credentials
|
CVE-2026-45039
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1454
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing dest…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45042
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1455
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45044
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1456
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi…
|
CWE-306
CWE-346
CWE-942
Missing Authentication for Critical Function
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-46685
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1457
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic…
|
CWE-200
CWE-306
Information Exposure
Missing Authentication for Critical Function
|
CVE-2026-47136
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1458
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41897
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1459
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42070
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1460
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to…
|
CWE-862
Missing Authorization
|
CVE-2026-42071
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
