|
951
|
7.5 |
HIGH
Network
|
-
|
-
|
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would b…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8359
|
2026-05-28 06:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
- |
|
-
|
-
|
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an excepti…
New
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-44660
|
2026-05-28 06:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
7.2 |
HIGH
Network
|
apache
|
syncope
|
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…
Update
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-42782
|
2026-05-28 06:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
4.0 |
MEDIUM
Network
|
-
|
-
|
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass i…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-21785
|
2026-05-28 06:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
2.4 |
LOW
Physics
|
-
|
-
|
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68711
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
2.4 |
LOW
Physics
|
-
|
-
|
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay …
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68710
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
2.4 |
LOW
Physics
|
-
|
-
|
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's …
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2025-68708
|
2026-05-28 06:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1402
|
2026-05-28 05:53 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authentic…
New
|
CWE-862
Missing Authorization
|
CVE-2026-2601
|
2026-05-28 05:53 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
8.2 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authent…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4868
|
2026-05-28 05:47 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
