|
251
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-49386
|
2026-05-30 05:11 |
2026-05-30 |
|
252
|
9.8 |
CRITICAL
Network
|
deltaww
|
diaview
|
There is a mitigation bypass (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access).
An unauthenticated remote attacker can access configured databases in a DIAView project.
Update
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-9642
|
2026-05-30 04:53 |
2026-05-27 |
|
253
|
7.5 |
HIGH
Network
|
microsoft
|
planetary_computer
|
Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41104
|
2026-05-30 04:46 |
2026-05-23 |
|
254
|
5.5 |
MEDIUM
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP me…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48735
|
2026-05-30 04:38 |
2026-05-29 |
|
255
|
3.3 |
LOW
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w…
New
|
CWE-834
Excessive Iteration
|
CVE-2026-48156
|
2026-05-30 04:38 |
2026-05-29 |
|
256
|
5.5 |
MEDIUM
Local
|
pypdf_project
|
pypdf
|
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in l…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-48155
|
2026-05-30 04:38 |
2026-05-29 |
|
257
|
9.8 |
CRITICAL
Network
|
ibm
|
engineering_lifecycle_management
|
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-3660
|
2026-05-30 04:31 |
2026-05-27 |
|
258
|
9.6 |
CRITICAL
Network
|
amirraminfar
|
dozzle
|
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepti…
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-44985
|
2026-05-30 04:30 |
2026-05-27 |
|
259
|
7.1 |
HIGH
Adjacent
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against it…
Update
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-42081
|
2026-05-30 04:24 |
2026-05-28 |
|
260
|
8.6 |
HIGH
Network
|
amirraminfar
|
dozzle
|
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is re…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45298
|
2026-05-30 04:23 |
2026-05-27 |
|