|
1211
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects The Post Grid: from n/a through 7.9.2.
New
|
CWE-862
Missing Authorization
|
CVE-2026-49054
|
2026-05-28 02:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1212
|
9.1 |
CRITICAL
Network
|
-
|
-
|
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().
send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cm…
New
|
CWE-73
CWE-78
External Control of File Name or Path
OS Command
|
CVE-2026-8450
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1213
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-4410
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1214
|
7.3 |
HIGH
Network
|
-
|
-
|
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
_parseOutputGlob() wraps the caller-supplied output glob string in …
New
|
CWE-95
Eval Injection
|
CVE-2026-48962
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1215
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-48926
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1216
|
6.6 |
MEDIUM
Network
|
-
|
-
|
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48916
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1217
|
- |
|
-
|
-
|
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available…
New
|
CWE-506
Embedded Malicious Code
|
CVE-2026-48027
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1218
|
6.5 |
MEDIUM
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check…
Update
|
CWE-285
CWE-352
Improper Authorization
Origin Validation Error
|
CVE-2026-46620
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1219
|
5.9 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith…
New
|
CWE-759
CWE-916
Use of a One-Way Hash without a Salt
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-45027
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1220
|
8.2 |
HIGH
Network
|
-
|
-
|
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44971
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
