Total: 358423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-9078 | 1 Mozilla | 1 Firefox | 2026-05-28 | N/A | 5.4 MEDIUM |
| Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1. | |||||
| CVE-2026-42797 | 1 Apache | 1 Syncope | 2026-05-28 | N/A | 4.9 MEDIUM |
| Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information. This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0. Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition. | |||||
| CVE-2026-46425 | | | 2026-05-28 | N/A | 9.9 CRITICAL |
| Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise feature flag and SCIM config) and doInScimContext (sets the SCIM request context). There is no role check. Any authenticated user who reaches the worker (BASIC role, workspace-scoped builder, anyone) can call SCIM endpoints and CRUD every user and group in the tenant. This vulnerability is fixed in 3.38.2. | |||||
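The failure mode described above in a runnable form, as an added example (not Budibase code): a Koa-style middleware chain in which the SCIM router is guarded only by a feature-flag check and a context-setting middleware, beside the same chain with the missing role check inserted. The `compose` helper, the `ADMIN`/`BASIC` role names, the `HttpError` statuses and the context shape are assumptions for illustration.

```javascript
// Added example (not Budibase code): why a router guarded only by
// feature/config middlewares is reachable by any authenticated user.

class HttpError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Compose middlewares Koa-style: each receives (ctx, next).
function compose(middlewares) {
  return function run(ctx) {
    let index = -1;
    function dispatch(i) {
      if (i <= index) throw new Error('next() called multiple times');
      index = i;
      const fn = middlewares[i];
      if (!fn) return;
      return fn(ctx, () => dispatch(i + 1));
    }
    return dispatch(0);
  };
}

// Checks that SCIM is licensed and configured; says nothing about who is asking.
const requireSCIM = (ctx, next) => {
  if (!ctx.features.scimEnabled) throw new HttpError(402, 'SCIM not licensed');
  return next();
};
// Sets request context; still no authorization decision.
const doInScimContext = (ctx, next) => {
  ctx.scim = { tenantId: ctx.user.tenantId };
  return next();
};
// The check missing from the vulnerable router (role name is an assumption).
const requireAdmin = (ctx, next) => {
  if (ctx.user.role !== 'ADMIN') throw new HttpError(403, 'Forbidden');
  return next();
};
// Stand-in for a SCIM user-delete handler.
const deleteUser = (ctx) => {
  ctx.body = { deleted: ctx.params.id, tenant: ctx.scim.tenantId };
};

const vulnerableRouter = compose([requireSCIM, doInScimContext, deleteUser]);
const fixedRouter = compose([requireSCIM, doInScimContext, requireAdmin, deleteUser]);

// Run one request and report the status the caller would observe.
function handle(router, user) {
  const ctx = { user, features: { scimEnabled: true }, params: { id: 'u-42' }, body: null };
  try {
    router(ctx);
    return { status: 200, body: ctx.body };
  } catch (e) {
    return { status: e.status || 500, body: null };
  }
}
```

The point is structural: `requireSCIM` and `doInScimContext` answer "is this feature on?" and "what tenant is this?", and neither answers "may this caller manage users?". A quick audit for this class of bug is to list every router and confirm at least one middleware in each chain makes an authorization decision about the caller.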
| CVE-2026-43898 | 1 Nyariv | 1 Sandboxjs | 2026-05-28 | N/A | 10.0 CRITICAL |
| SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript. This vulnerability is fixed in 0.9.6. | |||||
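The language-level mechanism behind the description above, as an added example (not SandboxJS code): a sloppy-mode function can read `arguments.callee.caller` and recover a reference to whatever host function invoked it, while a strict-mode function throws on the same access. The "host runtime callback" here is a stand-in, not the library's `LispType.Call`; `new Function` is used so the functions are sloppy-mode regardless of whether this file is loaded as a strict module.

```javascript
// Added example (not SandboxJS code): how a non-strict function leaks its
// caller, and how strict mode closes that channel.

// new Function() yields sloppy-mode functions regardless of the enclosing
// module's mode, which is exactly what makes .caller observable.
const sandboxFn = new Function('return arguments.callee.caller;');

// Stand-in for a host-side callback that invokes sandboxed code.
const hostRuntimeCallback = new Function('fn', 'return fn();');

// Sandboxed code recovers a reference to whoever called it.
function leakedCaller() {
  return hostRuntimeCallback(sandboxFn);
}

// With strict mode the same access throws a TypeError instead of leaking.
const strictSandboxFn = new Function('"use strict"; return arguments.callee.caller;');

function strictLeakAttempt() {
  try {
    hostRuntimeCallback(strictSandboxFn);
    return 'leaked';
  } catch (e) {
    return e instanceof TypeError ? 'blocked' : 'error: ' + e.message;
  }
}

// Check a sandbox author can run over the functions it hands to guest code:
// can `.caller` be read at all? Strict functions throw, which counts as safe.
function exposesCaller(fn) {
  try {
    fn.caller; // eslint-disable-line no-unused-expressions
    return true;
  } catch (e) {
    return false;
  }
}
```

Forcing every sandbox-defined function into strict mode removes `caller`, `callee` and `arguments` as reflection channels in one step; checking `exposesCaller` over the functions a sandbox creates is a cheap regression test for that property.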
| CVE-2026-41160 | | | 2026-05-28 | N/A | 4.3 MEDIUM |
| EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw (Broken Access Control) in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first, authorize later" execution flaw in the backend API, even though the server correctly returns a 403 Forbidden error, the targeted note's pinned status is already persistently modified in the database. The root cause lies in the server-side processing of the POST /api/v1/Note/{id}/pin endpoint. In application/Espo/Tools/Stream/Api/PostNotePin.php, the process() method first calls getNote($id) before calling checkParent($note). This vulnerability is fixed in 9.3.5. | |||||
| CVE-2026-41141 | | | 2026-05-28 | N/A | 6.5 MEDIUM |
| EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity (Contact, Lead, Account, or User) without performing an ACL check. An authenticated user with EmailTemplate read permission can extract all field values of any entity by supplying the target's email address, bypassing read: own or read: team ACL restrictions. This vulnerability is fixed in 9.3.5. | |||||
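Both EspoCRM patterns above (the note-pin handler that writes before it authorizes, and the template-prepare endpoint that resolves an entity by e-mail address without an ACL check) modelled in one added example, not EspoCRM code: each vulnerable handler sits beside a corrected one over a constructed in-memory data set. The ownership-based `canAccess` rule, the record shape and the function names are assumptions for illustration.

```javascript
// Added example (not EspoCRM code): two access-control bugs and their fixes
// over a constructed in-memory data set.

class Forbidden extends Error {
  constructor() { super('403 Forbidden'); this.status = 403; }
}

// Minimal ACL standing in for "read: own" / "edit: own" style rules:
// a non-admin may touch a record only if they own it (assumption).
function canAccess(user, record) {
  return user.isAdmin || record.ownerId === user.id;
}

// --- CVE-2026-41160 pattern: mutate first, authorize later -----------------
function pinNoteVulnerable(db, user, noteId) {
  const note = db.notes.get(noteId);
  if (!note) throw new Error('404');
  note.isPinned = true;                       // state changes here...
  db.notes.set(noteId, note);                 // ...and is persisted
  const parent = db.records.get(note.parentId);
  if (!canAccess(user, parent)) throw new Forbidden(); // 403 is returned, too late
  return note;
}

function pinNoteFixed(db, user, noteId) {
  const note = db.notes.get(noteId);
  if (!note) throw new Error('404');
  const parent = db.records.get(note.parentId);
  if (!canAccess(user, parent)) throw new Forbidden();  // authorize first
  db.notes.set(noteId, { ...note, isPinned: true });    // then write
  return db.notes.get(noteId);
}

// --- CVE-2026-41141 pattern: resolve by e-mail with no ACL check -----------
function prepareTemplateVulnerable(db, user, emailAddress) {
  const target = [...db.records.values()].find(r => r.email === emailAddress);
  return target ? { ...target } : null;       // every field of any entity leaks
}

function prepareTemplateFixed(db, user, emailAddress) {
  const target = [...db.records.values()].find(r => r.email === emailAddress);
  if (!target) return null;
  // Deny with the same response as "not found" so the endpoint cannot even be
  // used to confirm that an e-mail address exists.
  if (!canAccess(user, target)) return null;
  return { ...target };
}

// Constructed fixture: one contact owned by 'u-owner' with a pinned-able note.
function fixture() {
  const db = { records: new Map(), notes: new Map() };
  db.records.set('c-1', { id: 'c-1', ownerId: 'u-owner', email: 'ceo@example.test', phone: '+1-555-0100' });
  db.notes.set('n-1', { id: 'n-1', parentId: 'c-1', isPinned: false });
  return db;
}
const lowPriv = { id: 'u-low', isAdmin: false };
const owner = { id: 'u-owner', isAdmin: false };
```

The test for the first pattern is the one the advisory implies: call the handler as an unauthorized user, confirm the 403, then re-read the record and confirm nothing changed. For the second, any endpoint that accepts an identifier other than the record id (e-mail, phone, external id) needs the same ACL check as a direct read of that record.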
| CVE-2026-44468 | 1 Codesys | 1 Development System | 2026-05-28 | N/A | 7.8 HIGH |
| The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary components. | |||||
| CVE-2026-44469 | 1 Codesys | 1 Development System | 2026-05-28 | N/A | 7.8 HIGH |
| The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before installation, resulting in local privilege escalation. | |||||
| CVE-2026-25104 | 1 Mediaarea | 1 Mediainfolib | 2026-05-28 | N/A | 7.8 HIGH |
| MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability | |||||
| CVE-2026-25713 | 1 Mediaarea | 1 Mediainfolib | 2026-05-28 | N/A | 7.8 HIGH |
| MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability | |||||
| CVE-2026-48896 | 1 Joomla | 1 Joomla! | 2026-05-28 | N/A | 7.5 HIGH |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||||
| CVE-2026-48897 | 1 Joomla | 1 Joomla! | 2026-05-28 | N/A | 7.5 HIGH |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||||
| CVE-2026-48901 | 1 Joomla | 1 Joomla! | 2026-05-28 | N/A | 7.5 HIGH |
| The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. | |||||
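The cache-key bug class named above, as an added example in JavaScript (not Joomla code): a `getInstance()`-style memoizing factory whose key omits one behaviour-changing argument returns whichever instance was created first to every later caller with the same remaining arguments. The `TagFilter` class, its `stripScripts` flag and the key layout are assumptions chosen to illustrate the pattern; the real `InputFilter` parameters are not modelled.

```javascript
// Added example (not Joomla code): an instance cache whose key omits a
// security-sensitive constructor argument.

class TagFilter {
  // allowedTags: tags that survive; stripScripts: whether <script> blocks are
  // removed with their contents (otherwise only the tags go and the body stays).
  constructor(allowedTags, stripScripts) {
    this.allowedTags = new Set(allowedTags.map(t => t.toLowerCase()));
    this.stripScripts = stripScripts;
  }
  clean(html) {
    let out = html;
    if (this.stripScripts) out = out.replace(/<script\b[\s\S]*?<\/script>/gi, '');
    return out.replace(/<\/?([a-z][a-z0-9]*)\b[^>]*>/gi, (m, tag) =>
      this.allowedTags.has(tag.toLowerCase()) ? m : '');
  }
}

// Vulnerable: the key ignores stripScripts, so the first caller's choice is
// silently reused for every later caller with the same allowedTags.
const cacheVuln = new Map();
function getInstanceVulnerable(allowedTags, stripScripts) {
  const key = JSON.stringify([allowedTags]);
  if (!cacheVuln.has(key)) cacheVuln.set(key, new TagFilter(allowedTags, stripScripts));
  return cacheVuln.get(key);
}

// Fixed: every argument that changes behaviour is part of the key.
const cacheFixed = new Map();
function getInstanceFixed(allowedTags, stripScripts) {
  const key = JSON.stringify([allowedTags, stripScripts]);
  if (!cacheFixed.has(key)) cacheFixed.set(key, new TagFilter(allowedTags, stripScripts));
  return cacheFixed.get(key);
}
```

The audit question for any memoized factory is whether the key is a function of every constructor argument; an argument left out of the key is an argument the first caller sets for everyone.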
| CVE-2026-44798 | 1 Networktocode | 1 Nautobot | 2026-05-28 | N/A | 7.1 HIGH |
| Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2. | |||||
| CVE-2026-48864 | 2 Opensuse, Redhat | 6 Libsolv, Enterprise Linux, Hardened Images and 3 more | 2026-05-28 | N/A | 7.8 HIGH |
| A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | |||||
| CVE-2026-42082 | 1 Free5gc | 1 Free5gc | 2026-05-28 | N/A | 3.7 LOW |
| free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2. | |||||
| CVE-2026-47759 | 1 Tiny | 1 Tinymce | 2026-05-28 | N/A | 8.7 HIGH |
| TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style). This allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1. | |||||
| CVE-2026-47760 | 1 Tiny | 1 Tinymce | 2026-05-28 | N/A | 8.7 HIGH |
| TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This vulnerability is fixed in 7.1.0. | |||||
| CVE-2026-47761 | 1 Tiny | 1 Tinymce | 2026-05-28 | N/A | 8.7 HIGH |
| TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* attributes, which are executed when content is rendered. This impacts users of TinyMCE with the media plugin enabled. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1. | |||||
| CVE-2026-47762 | 1 Tiny | 1 Tinymce | 2026-05-28 | N/A | 8.7 HIGH |
| TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. This allows attackers to bypass sanitization and inject scripts that execute when content is restored. This impacts users who use the protect option. This vulnerability is fixed in 5.11.1, 7.9.3, and 8.5.1. | |||||
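The three TinyMCE entries above (CVE-2026-47759, CVE-2026-47761 and CVE-2026-47762) share one ingredient: editor-internal markup that the editor trusts, reaching it from untrusted stored content. The added example below (not TinyMCE code) shows a toy model of the override the first two advisories describe, where a `data-mce-href` value wins over `href` at serialization time, and a pre-filter that strips `data-mce-*` attributes and `mce:protected` comments from stored HTML before it is loaded into the editor. The comment syntax, the toy serializer and the regexes are assumptions for illustration; the filter is a defence-in-depth layer for content already in the database, not a substitute for upgrading.

```javascript
// Added example (not TinyMCE code): strip editor-internal markup from untrusted
// stored HTML, and a toy model of why data-mce-* attributes are dangerous.

// Matches data-mce-* attributes with double-quoted, single-quoted or bare values.
const DATA_MCE_ATTR = /\s+data-mce-[\w-]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/gi;
// Matches protected-content comments, whatever their payload (format assumed).
const MCE_PROTECTED_COMMENT = /<!--\s*mce:protected\b[\s\S]*?-->/gi;

// Run over content from the database before handing it to the editor.
function stripEditorInternalMarkup(html) {
  return html.replace(MCE_PROTECTED_COMMENT, '').replace(DATA_MCE_ATTR, '');
}

// Toy model of the serialization step the advisories describe: when both
// href and data-mce-href are present, the data-mce- value is emitted.
function serializeAnchor(attrs) {
  const href = 'data-mce-href' in attrs ? attrs['data-mce-href'] : attrs.href;
  return `<a href="${href}">`;
}

// Collect the double-quoted attributes of the first <a> tag (enough for the demo).
function anchorAttrs(html) {
  const m = /<a\b([^>]*)>/i.exec(html);
  const attrs = {};
  if (!m) return attrs;
  for (const a of m[1].matchAll(/([\w:-]+)\s*=\s*"([^"]*)"/g)) attrs[a[1]] = a[2];
  return attrs;
}

// Constructed sample of stored content carrying both forgeries.
const STORED_SAMPLE =
  '<a href="https://example.test" data-mce-href="javascript:alert(1)">x</a>' +
  '<!--mce:protected %3Cscript%3Ealert(2)%3C/script%3E-->';
```

Regex filtering of HTML is brittle in general; the reason it is acceptable here is that the goal is narrow (remove two well-delimited token shapes that legitimate stored content should never contain, since the editor adds them at edit time and removes them on save) and failure is visible: if a `data-mce-*` attribute or an `mce:protected` comment survives the filter, that is itself a finding.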
