|
491
|
6.6 |
MEDIUM
Network
|
jenkins
|
ldap
|
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48917
|
2026-06-3 01:14 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
6.6 |
MEDIUM
Network
|
jenkins
|
ldap
|
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48916
|
2026-06-3 01:13 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
5.6 |
MEDIUM
Local
|
synology
|
assistant
|
An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation.
Update
|
CWE-346
Origin Validation Error
|
CVE-2025-66593
|
2026-06-3 01:09 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
5.6 |
MEDIUM
Local
|
synology
|
active_backup_for_business_agent
|
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-servi…
Update
|
CWE-346
Origin Validation Error
|
CVE-2025-66592
|
2026-06-3 01:08 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
5.6 |
MEDIUM
Local
|
synology
|
activeprotect_agent
|
Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during instal…
Update
|
CWE-346
Origin Validation Error
|
CVE-2025-13593
|
2026-06-3 01:08 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
5.9 |
MEDIUM
Local
|
google
|
android
|
In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege wit…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-0061
|
2026-06-3 00:48 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with n…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0070
|
2026-06-3 00:48 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution priv…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-0074
|
2026-06-3 00:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
5.3 |
MEDIUM
Network
|
ibm
|
openbmc
|
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-7254
|
2026-06-3 00:45 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
7.8 |
HIGH
Local
|
ibm
|
operations_analytics_log_analysis
|
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…
Update
|
CWE-1392
NVD-CWE-noinfo
Use of Default Credentials
|
CVE-2026-7365
|
2026-06-3 00:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
