|
5651
|
7.3 |
HIGH
Network
|
-
|
-
|
Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix …
|
CWE-284
Improper Access Control
|
CVE-2026-9495
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5652
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF).
This issue affects Zoho Mail wordpress plugin versions before 1.6.2.
|
CWE-352
Origin Validation Error
|
CVE-2026-8174
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5653
|
- |
|
-
|
-
|
A heap-based buffer overflow vulnerability exists in XML
parser functionality in the HiDraw. An authenticated
malicious user with local access can exploit this
vulnerability using a specially crafted…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-7310
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5654
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing …
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48249
|
2026-05-26 23:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5655
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound H…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48248
|
2026-05-26 23:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5656
|
4.1 |
MEDIUM
Network
|
-
|
-
|
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Comp…
|
CWE-89
SQL Injection
|
CVE-2026-48136
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5657
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests.
The issue is related to HTTP request parsing and validation.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48135
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5658
|
7.5 |
HIGH
Network
|
-
|
-
|
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-48133
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5659
|
8.1 |
HIGH
Network
|
-
|
-
|
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48131
|
2026-05-26 23:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5660
|
7.1 |
HIGH
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 ("Credential Theft via Client-Side Script Execution and API Authorization Bypass") is incomplete. Whil…
|
CWE-284
CWE-522
CWE-639
Improper Access Control
Insufficiently Protected Credentials
Authorization Bypass Through User-Controlled Key
|
CVE-2026-39968
|
2026-05-26 23:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
