| 5331 | 8.2 | HIGH, Adjacent | - | - | PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions … | CWE-863 Incorrect Authorization | CVE-2026-26289 | 2026-05-14 00:52 | 2026-05-13 |
| 5332 | 5.7 | MEDIUM, Adjacent | - | - | PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions. | CWE-863 Incorrect Authorization | CVE-2026-33570 | 2026-05-14 00:52 | 2026-05-13 |
| 5333 | 6.3 | MEDIUM, Adjacent | - | - | PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. | CWE-863 Incorrect Authorization | CVE-2026-35555 | 2026-05-14 00:52 | 2026-05-13 |
| 5334 | 7.8 | HIGH, Local | - | - | The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions. | CWE-749 Exposed Dangerous Method or Function | CVE-2026-8108 | 2026-05-14 00:52 | 2026-05-13 |
| 5335 | 9.1 | CRITICAL, Network | - | - | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper aut… | CWE-552 Files or Directories Accessible to External Parties | CVE-2026-31215 | 2026-05-14 00:52 | 2026-05-13 |
| 5336 | 9.1 | CRITICAL, Network | - | - | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentica… | CWE-552 Files or Directories Accessible to External Parties | CVE-2026-31216 | 2026-05-14 00:52 | 2026-05-13 |
| 5337 | 9.8 | CRITICAL, Network | - | - | The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user … | CWE-94 Code Injection | CVE-2026-31217 | 2026-05-14 00:52 | 2026-05-13 |
| 5338 | 9.8 | CRITICAL, Network | - | - | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe ev… | CWE-94 Code Injection | CVE-2026-31228 | 2026-05-14 00:52 | 2026-05-13 |
| 5339 | 8.8 | HIGH, Network | - | - | The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function t… | CWE-94 Code Injection | CVE-2026-31225 | 2026-05-14 00:52 | 2026-05-13 |
| 5340 | 9.8 | CRITICAL, Network | - | - | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C… | CWE-416 Use After Free | CVE-2026-45185 | 2026-05-14 00:52 | 2026-05-13 |