|
1231
|
6.4 |
MEDIUM
Network
|
-
|
-
|
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-36126
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1232
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2025-14290
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1233
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau…
Update
|
CWE-565
CWE-639
Reliance on Cookies without Validation and Integrity Checking
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8337
|
2026-05-27 02:13 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1234
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9543
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1235
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani…
New
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9530
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1236
|
3.3 |
LOW
Local
|
-
|
-
|
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou…
New
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-9504
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1237
|
- |
|
-
|
-
|
IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable
for a NULL pointer dereferencing, if a specially crafted
sequence of messages is sent for a certain time, causing
Denial of Service …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8479
|
2026-05-27 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1238
|
- |
|
-
|
-
|
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template bra…
New
|
-
|
CVE-2026-48683
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1239
|
7.6 |
HIGH
Network
|
-
|
-
|
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following proces…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45082
|
2026-05-27 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1240
|
6.2 |
MEDIUM
Local
|
-
|
-
|
In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based …
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42627
|
2026-05-27 01:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
