|
4871
|
7.3 |
HIGH
Network
|
-
|
-
|
IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.
_parseOutputGlob() wraps the caller-supplied output glob string in …
|
CWE-95
Eval Injection
|
CVE-2026-48962
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4872
|
- |
|
-
|
-
|
Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available…
|
CWE-506
Embedded Malicious Code
|
CVE-2026-48027
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4873
|
6.5 |
MEDIUM
Network
|
-
|
-
|
e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check…
|
CWE-285
CWE-352
Improper Authorization
Origin Validation Error
|
CVE-2026-46620
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4874
|
5.9 |
MEDIUM
Network
|
-
|
-
|
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorith…
|
CWE-759
CWE-916
Use of a One-Way Hash without a Salt
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-45027
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4875
|
8.7 |
HIGH
Network
|
-
|
-
|
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification …
|
CWE-79
Cross-site Scripting
|
CVE-2026-44667
|
2026-05-28 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4876
|
6.1 |
MEDIUM
Adjacent
|
-
|
-
|
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored va…
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-44475
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4877
|
3.7 |
LOW
Adjacent
|
-
|
-
|
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could se…
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-44474
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4878
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does…
|
CWE-358
CWE-863
Improperly Implemented Security Check for Standard
Incorrect Authorization
|
CVE-2026-44473
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4879
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload.
|
-
|
CVE-2026-38931
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4880
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Account Manager for WooCom…
|
CWE-862
Missing Authorization
|
CVE-2022-41656
|
2026-05-28 02:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
