|
3841
|
5.3 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-fab
|
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache…
|
CWE-90
LDAP Injection
|
CVE-2026-46745
|
2026-05-28 00:31 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3842
|
9.8 |
CRITICAL
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attr…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-48691
|
2026-05-28 00:29 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3843
|
6.5 |
MEDIUM
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.…
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2026-41069
|
2026-05-28 00:26 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3844
|
8.1 |
HIGH
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chun…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41071
|
2026-05-28 00:25 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3845
|
- |
|
-
|
-
|
When creating an export through the pretix API, API clients are
returned an UUID value for their export job (a long, random string like
35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the A…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9712
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3846
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument u…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9579
|
2026-05-28 00:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3847
|
- |
|
-
|
-
|
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs in mailboxes/detachall.cgi.
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-49103
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3848
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).
|
CWE-79
Cross-site Scripting
|
CVE-2026-49102
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3849
|
4.7 |
MEDIUM
Network
|
-
|
-
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing.
This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
|
CWE-601
Open Redirect
|
CVE-2026-49059
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3850
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects ElementsKit Elementor addon…
|
CWE-862
Missing Authorization
|
CVE-2026-49053
|
2026-05-28 00:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
