|
221
|
7.8 |
HIGH
Local
|
-
|
-
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-45206
|
2026-05-22 00:05 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222
|
7.8 |
HIGH
Local
|
-
|
-
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-45207
|
2026-05-22 00:05 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223
|
7.8 |
HIGH
Local
|
-
|
-
|
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the abil…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-45208
|
2026-05-22 00:05 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-20238
|
2026-05-22 00:00 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225
|
7.5 |
HIGH
Network
|
-
|
-
|
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-20239
|
2026-05-22 00:00 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
226
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-20240
|
2026-05-22 00:00 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
227
|
7.8 |
HIGH
Local
|
-
|
-
|
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-45250
|
2026-05-22 00:00 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
228
|
7.1 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of
the task - t…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-46333
|
2026-05-21 23:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
229
|
8.8 |
HIGH
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-32740
|
2026-05-21 23:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
230
|
9.1 |
CRITICAL
Network
|
eclipse
|
glassfish
|
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of …
New
|
CWE-94
CWE-917
Code Injection
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-2586
|
2026-05-21 22:18 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
