|
61
|
9.8 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executi…
New
|
CWE-94
Code Injection
|
CVE-2026-8633
|
2026-05-28 03:12 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
7.8 |
HIGH
Local
|
openvpn
|
connect
|
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
New
|
CWE-78
CWE-267
CWE-270
CWE-648
OS Command
Privilege Defined With Unsafe Actions
Privilege Context Switching Error
Incorrect Use of Privileged APIs
|
CVE-2026-9560
|
2026-05-28 03:08 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects The Post Grid: from n/a through 7.9.2.
New
|
CWE-862
Missing Authorization
|
CVE-2026-49054
|
2026-05-28 02:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
7.5 |
HIGH
Network
|
archive\
|
\
|
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), …
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-9538
|
2026-05-28 02:24 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
New
|
CWE-352
Origin Validation Error
|
CVE-2026-9674
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
9.1 |
CRITICAL
Network
|
-
|
-
|
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file().
send_file() opens its string argument with Perl's 2-arg open(). The 2-arg form interprets magic prefixes: '| cm…
New
|
CWE-73
CWE-78
External Control of File Name or Path
OS Command
|
CVE-2026-8450
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-6052
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-4410
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
7.3 |
HIGH
Network
|
-
|
-
|
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
_parseOutputGlob() wraps the caller-supplied output glob string in …
New
|
CWE-95
Eval Injection
|
CVE-2026-48962
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48927
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
