|
3001
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca…
|
CWE-94
Code Injection
|
CVE-2018-25357
|
2026-05-28 00:56 |
2026-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3002
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK vari…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-48694
|
2026-05-28 00:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3003
|
8.1 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php…
|
CWE-78
OS Command
|
CVE-2026-48695
|
2026-05-28 00:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3004
|
6.2 |
MEDIUM
Local
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.
|
CWE-120
CWE-676
Classic Buffer Overflow
Use of Potentially Dangerous Function
|
CVE-2026-48696
|
2026-05-28 00:42 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3005
|
7.2 |
HIGH
Network
|
ibm
|
engineering_lifecycle_management
|
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-4051
|
2026-05-28 00:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3006
|
7.2 |
HIGH
Network
|
citeum
|
opencti
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a differ…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-44730
|
2026-05-28 00:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3007
|
7.4 |
HIGH
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-48697
|
2026-05-28 00:31 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3008
|
5.3 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-fab
|
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache…
|
CWE-90
LDAP Injection
|
CVE-2026-46745
|
2026-05-28 00:31 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3009
|
9.8 |
CRITICAL
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-48691
|
2026-05-28 00:29 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3010
|
6.5 |
MEDIUM
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.…
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2026-41069
|
2026-05-28 00:26 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
