| 341 | 7.5 | HIGH | Network | synology | c2_identity_edge_server | An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. | Update | CWE-749 Exposed Dangerous Method or Function | CVE-2025-14713 | 2026-06-3 05:41 | 2026-05-27 |
| 342 | 8.6 | HIGH | Network | synology | active_backup_for_business | A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. | Update | CWE-89 SQL Injection | CVE-2025-30028 | 2026-06-3 05:41 | 2026-05-27 |
| 343 | 5.9 | MEDIUM | Network | synology | safe_access | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with admi… | Update | CWE-79 Cross-site Scripting | CVE-2025-10466 | 2026-06-3 05:30 | 2026-05-27 |
| 344 | 8.6 | HIGH | Local | zed | zed | Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allow… | Update | CWE-78 OS Command | CVE-2026-44465 | 2026-06-3 05:17 | 2026-05-29 |
| 345 | 7.1 | HIGH | Local | - | - | Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p… | New | CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input | CVE-2026-8036 | 2026-06-3 05:16 | 2026-06-3 |
| 346 | 7.1 | HIGH | Local | - | - | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability aff… | New | CWE-476 NULL Pointer Dereference | CVE-2026-8035 | 2026-06-3 05:16 | 2026-06-3 |
| 347 | - | | | - | - | In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names e… | Update | CWE-863 Incorrect Authorization | CVE-2026-49299 | 2026-06-3 05:16 | 2026-05-29 |
| 348 | 8.5 | HIGH | Network | - | - | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHI… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-49120 | 2026-06-3 05:16 | 2026-06-3 |
| 349 | - | | | - | - | In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu… | Update | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2026-49017 | 2026-06-3 05:16 | 2026-05-27 |
| 350 | 8.1 | HIGH | Network | - | - | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in pam_usb (commonly done for display manage… | Update | CWE-863 Incorrect Authorization | CVE-2026-48064 | 2026-06-3 05:16 | 2026-05-28 |