|
4661
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the …
|
CWE-88
Argument Injection
|
CVE-2026-44450
|
2026-05-27 23:57 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4662
|
7.1 |
HIGH
Network
|
-
|
-
|
The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the response, al…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6268
|
2026-05-27 23:55 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4663
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8676
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4664
|
5.8 |
MEDIUM
Local
|
-
|
-
|
When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_…
|
CWE-22
Path Traversal
|
CVE-2026-41009
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4665
|
5.0 |
MEDIUM
Local
|
-
|
-
|
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338…
|
CWE-284
Improper Access Control
|
CVE-2026-41704
|
2026-05-27 23:54 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4666
|
5.9 |
MEDIUM
Network
|
-
|
-
|
IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log…
|
CWE-521
Weak Password Requirements
|
CVE-2024-40684
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4667
|
7.2 |
HIGH
Network
|
-
|
-
|
IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating syste…
|
CWE-530
Exposure of Backup File to an Unauthorized Control Sphere
|
CVE-2024-56462
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4668
|
5.1 |
MEDIUM
Local
|
-
|
-
|
IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied M…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-2607
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4669
|
9.8 |
CRITICAL
Network
|
-
|
-
|
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8175
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4670
|
8.8 |
HIGH
Network
|
-
|
-
|
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-8179
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
