|
741
|
9.1 |
CRITICAL
Network
|
ibm
|
storage_protect
|
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hard…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-12628
|
2026-06-27 05:01 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
5.5 |
MEDIUM
Local
|
rubyconcurrency
|
concurrent_ruby
|
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The…
|
CWE-128
Wrap-around Error
|
CVE-2026-54905
|
2026-06-27 05:01 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
9.8 |
CRITICAL
Network
|
rubyconcurrency
|
concurrent_ruby
|
concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with a…
|
CWE-414
CWE-667
Missing Lock Check
Improper Locking
|
CVE-2026-54906
|
2026-06-27 05:00 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
4.8 |
MEDIUM
Network
|
jenkins
|
bitbucket_push_and_pull_request
|
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to th…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-57289
|
2026-06-27 04:59 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
4.3 |
MEDIUM
Network
|
jenkins
|
github_branch_source
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers con…
|
CWE-862
Missing Authorization
|
CVE-2026-57285
|
2026-06-27 04:59 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
8.8 |
HIGH
Network
|
jenkins
|
script_security
|
Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attacker…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-57280
|
2026-06-27 04:59 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
4.3 |
MEDIUM
Network
|
hono
|
hono
|
hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft speci…
|
CWE-79
Cross-site Scripting
|
CVE-2026-56761
|
2026-06-27 04:59 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
7.5 |
HIGH
Network
|
docling
|
docling
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP …
|
CWE-22
Path Traversal
|
CVE-2026-44017
|
2026-06-27 04:58 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
7.5 |
HIGH
Network
|
docling
|
docling
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard …
|
CWE-776
XML Entity Expansion
|
CVE-2026-44020
|
2026-06-27 04:58 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
5.5 |
MEDIUM
Local
|
docling
|
docling
|
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphic…
|
CWE-22
Path Traversal
|
CVE-2026-44022
|
2026-06-27 04:58 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
