Total
358423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-46620 | 2026-05-27 | N/A | 6.5 MEDIUM | ||
| e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check() handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates the token if one happens to be present. If there is no token at all, the check is skipped entirely. This vulnerability is fixed in 2.3.5. | |||||
| CVE-2026-44667 | 2026-05-27 | N/A | 8.7 HIGH | ||
| FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and attribute contexts without output encoding, allowing attacker-controlled JavaScript to execute in the browser of any user who opens the affected verification/remediation views. Because the payload is stored server-side and rendered to other users, exploitation is persistent and can impact privileged accounts. This vulnerability is fixed in 1.8.3. | |||||
| CVE-2026-23652 | 1 Microsoft | 1 Power Pages | 2026-05-27 | N/A | 10.0 CRITICAL |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-33843 | 1 Microsoft | 1 Entra Id | 2026-05-27 | N/A | 9.1 CRITICAL |
| Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-35430 | 1 Microsoft | 1 Azure Privileged Identity Management | 2026-05-27 | N/A | 8.8 HIGH |
| Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2026-40411 | 1 Microsoft | 1 Azure Virtual Network Gateway | 2026-05-27 | N/A | 9.9 CRITICAL |
| Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-40412 | 1 Microsoft | 1 Azure Orbital Spatio | 2026-05-27 | N/A | 10.0 CRITICAL |
| Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2026-42827 | 1 Microsoft | 1 365 Copilot | 2026-05-27 | N/A | 6.5 MEDIUM |
| Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2026-47280 | 1 Microsoft | 1 Azure Resource Manager | 2026-05-27 | N/A | 10.0 CRITICAL |
| Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2026-42348 | 1 Opentelemetry | 1 Opentelemetry.opamp.client | 2026-05-27 | N/A | 5.9 MEDIUM |
| OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server is attacker-controlled (or a network attacker can MitM the connection) and an extremely large body is returned in the response. This vulnerability is fixed in 0.2.0-alpha.1. | |||||
| CVE-2018-25357 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2026-05-27 | N/A | 9.8 CRITICAL |
| Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the db_name parameter, then execute commands via the check.php endpoint using the cmd GET parameter. | |||||
| CVE-2026-48694 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-05-27 | N/A | 8.1 HIGH |
| FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fastnetmon_juniper.php, the $IP_ATTACK variable (received from argv[1]) is directly interpolated into Juniper NETCONF set-configuration commands at lines 69 and 90 without any validation or sanitization. Line 69: $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard"). Line 90: $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32"). An attacker who can control the IP address string can inject additional Juniper CLI configuration commands by embedding newline characters followed by arbitrary set/delete commands. This could modify the router's routing table, firewall filters, user accounts, or any other configuration element accessible via NETCONF. The impact is full router compromise. | |||||
| CVE-2026-48695 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-05-27 | N/A | 8.1 HIGH |
| FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg(). | |||||
| CVE-2026-48696 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-05-27 | N/A | 6.2 MEDIUM |
| FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. | |||||
| CVE-2026-4051 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-05-27 | N/A | 7.2 HIGH |
| IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted. | |||||
| CVE-2026-44730 | 1 Citeum | 1 Opencti | 2026-05-27 | N/A | 7.2 HIGH |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7. | |||||
| CVE-2026-48697 | 1 Pavel-odintsov | 1 Fastnetmon | 2026-05-27 | N/A | 7.4 HIGH |
| FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL performs the TLS handshake without validating the server's certificate chain, making all HTTPS connections vulnerable to man-in-the-middle attacks. This function is used for telemetry reporting to community-stats.fastnetmon.com, which sends system information including CPU model, kernel version, traffic statistics, and software configuration. An attacker can intercept and modify this data or redirect it to a malicious server. | |||||
| CVE-2026-46745 | 1 Apache | 1 Apache-airflow-providers-fab | 2026-05-27 | N/A | 5.3 MEDIUM |
| Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated. | |||||
| CVE-2026-41069 | 1 Struktur | 1 Libheif | 2026-05-27 | N/A | 6.5 MEDIUM |
| libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still passing validation because saio.entry_count == 0 matches, but with saiz.sample_count > 0 the SampleAuxInfoReader constructor still enters its loop. This leads to an out-of-bounds dereference on the empty chunks[0] in chunked mode. | |||||
| CVE-2026-41071 | 1 Struktur | 1 Libheif | 2026-05-27 | N/A | 8.1 HIGH |
| libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructor. The SampleAuxInfoReader constructor iterates over saiz->get_num_samples() samples but doesn't validate that this count is consistent with the number of chunks in the chunks vector. When saiz declares more samples than the chunks cover, the loop increments current_chunk past chunks.size(), causing an out-of-bounds read on the chunks vector. The vulnerability is triggered during file parsing (heif_context_read_from_file) without any additional user interaction. Any application using libheif to open untrusted HEIF files is affected. This issue has been fixed in version 1.22.0. | |||||