|
1241
|
5.5 |
MEDIUM
Local
|
-
|
-
|
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symli…
New
|
CWE-59
Link Following
|
CVE-2026-40610
|
2026-05-27 01:16 |
2026-05-23 |
|
1242
|
7.8 |
HIGH
Local
|
-
|
-
|
gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized …
New
|
CWE-77
Command Injection
|
CVE-2026-40034
|
2026-05-27 01:16 |
2026-05-27 |
|
1243
|
- |
|
-
|
-
|
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-l…
New
|
-
|
CVE-2026-38587
|
2026-05-27 01:16 |
2026-05-27 |
|
1244
|
7.0 |
HIGH
Local
|
samba
|
rsync
|
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replac…
Update
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-29518
|
2026-05-27 01:16 |
2026-05-20 |
|
1245
|
7.8 |
HIGH
Local
|
-
|
-
|
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-25112
|
2026-05-27 01:16 |
2026-05-27 |
|
1246
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: preserve shared-frag marker during coalescing
skb_try_coalesce() can attach paged frags from @from to @to. If @from…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-46300
|
2026-05-27 00:46 |
2026-05-23 |
|
1247
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Valu…
New
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-9552
|
2026-05-27 00:17 |
2026-05-27 |
|
1248
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The …
New
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-9551
|
2026-05-27 00:17 |
2026-05-27 |
|
1249
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWE…
New
|
CWE-22
Path Traversal
|
CVE-2026-9550
|
2026-05-27 00:16 |
2026-05-27 |
|
1250
|
8.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution charac…
New
|
CWE-78
OS Command
|
CVE-2026-4480
|
2026-05-27 00:16 |
2026-05-27 |