jell.ie CVEs
Read at: 2026-06-03T17:38:31+00:00
CVE ID :CVE-2026-6657
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42321
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44281
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42320
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42318
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User's planning.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42317
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3276
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :unicodedata.normalize() can take excessive CPU time when processing
specially crafted Unicode input containing long runs of combining characters
with alternating Canonical Combining Class values.
This affects all normalization forms.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-37462
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-36748
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-36576
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-36574
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2022-31114
Published : June 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago
Description :backpack/crud provides Create, Read, Update & Delete (CRUD) functions for Backpack, a collection of Laravel packages that help users build custom administration panels. Versions prior to 5.0.13, 4.1.69, and 4.0.63 are vulnerable to cross-site scripting. An attacker could conduct a targeted phishing campaign, in order to trick users or admins into clicking a malicious link, which under very specific circumstances could give them information or possibly admin access. Versions 5.0.13, 4.1.69, and 4.0.63 patch the issue. As a workaround, manually look inside error views in `resources/views/errors` and output `e($exception->getMessage())` instead of `$exception->getMessage()`.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8404
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their `Cache-Control` directives used uppercase or mixed-case values.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Ahmed Badawe for reporting this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-7666
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake when `fail_silently=True`, which allows on-path network attackers to read email content via cleartext interception.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Kasper Dupont for reporting this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6873
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and salt argument), which allows a remote attacker to use a cookie in a context different from the one where it was signed, via distinct `(name, salt)` pairs that produce the same concatenation.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Peng Zhou for reporting this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-5241
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when loading a LightGlue model using `AutoModel.from_pretrained()` with `trust_remote_code=False`, the `LightGlueConfig` reads the `trust_remote_code` value from the untrusted `config.json` file and propagates it into nested `AutoConfig.from_pretrained()` calls. This results in the execution of attacker-provided Python modules, even when the victim explicitly disables remote code execution. The vulnerability poses a high risk for environments such as API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to credential theft, lateral movement, or persistence/backdoor deployment.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48587
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose responses contain whitespace-padded Vary header values.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Navid Rezazadeh for reporting this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-47325
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The application does not require or prompt users to change the password upon first login. This behavior allows attackers to easily guess or derive valid credentials, leading to unauthorized account access.
The maintainers were notified early about this vulnerability but did not provide details regarding affected versions. The version corresponding to commit 6b6fae5 was tested and confirmed vulnerable; other versions were not tested and may also be affected.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-47324
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScript that is subsequently executed in other users’ browsers.
Critically, when chained with CVE‑2025‑11661, which allows unauthenticated access to backend endpoints, this vulnerability can be exploited by a remote attacker without privileges to inject and execute arbitrary JavaScript.
The maintainers were notified early about this vulnerability but did not provide details regarding affected versions. The version corresponding to commit 6b6fae5 was tested and confirmed vulnerable; other versions were not tested and may also be affected.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44546
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines(). An attacker can exploit this parser differential to inject additional headers into the ASGI scope passed to the application. daphne now rejects requests with these bytes in any header value with a 400 response.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-44545
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory consumption and a denial of service.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-37460
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-35193
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requests bearing that header without `Cache-Control: public`, which allows remote attackers to read private cached responses via unauthenticated requests to the same URL.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Shai Berger for reporting this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10729
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.
This issue affects Canarytokens: from Docker tag sha-c42435e before sha-bfda4df, from Git commit c42435e before bfda4df.
Severity: 1.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-70101
Published : June 3, 2026, 2:16 p.m. | 3 hours, 2 minutes ago
Description :An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before performing a binary search over extent index entries, which can result in invalid pointer calculations and an out-of-bounds memory read during extent tree traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'Hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kağan Çapar (kagancapar)' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'Hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'winters0x64' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xander Mackenzie | @thetrueartist.co.uk' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 3.3
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 's3zer0' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'Hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mark Vincent Yason (markyason.github.io)' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.0
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H severity vulnerability discovered by 'hamdi' was reported to the affected vendor on: 2026-06-02, 1 days ago. The vendor is given until 2026-09-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L severity vulnerability discovered by '0xDACA (Daniel Cohen Hillel)' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H severity vulnerability discovered by '0xDACA (Daniel Cohen Hillel)' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.4
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H severity vulnerability discovered by '0xDACA (Daniel Cohen Hillel)' was reported to the affected vendor on: 2026-05-29, 5 days ago. The vendor is given until 2026-09-26 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.0
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Lucas Leong (@_wmliang_) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'David Bors (@davidxbors), Catalin Iovita (@ciovita)' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Jonathan Lein of TrendAI Research' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Jonathan Lein of TrendAI Research' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Richard Chen of TrendAI Research' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 4.7
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'HeeChan Kim (@heegong123) of TeamH4C' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'pl4tyz' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-45207.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-45206.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34927.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34930.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34929.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-34928.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'winters0x64' was reported to the affected vendor on: 2026-05-28, 6 days ago. The vendor is given until 2026-09-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows local attackers to escalate privileges on affected installations of TrendAI Vision One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-45208.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nurihan Kim (HanTul), Hyeon-gyu Lee (hy30nq)' was reported to the affected vendor on: 2026-05-25, 9 days ago. The vendor is given until 2026-09-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 4.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Hyunwoo' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H severity vulnerability discovered by 'zent' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Javohir Abduxalilov (JavaSec.uz)' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H severity vulnerability discovered by 'zent' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.5
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'GangMin Kim' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L severity vulnerability discovered by 'GangMin Kim' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L severity vulnerability discovered by 'GangMin Kim' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.5
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of TrendAI Research' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'quangdm' was reported to the affected vendor on: 2026-05-22, 12 days ago. The vendor is given until 2026-09-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3518.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
A CVSS score 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2026-05-21, 13 days ago. The vendor is given until 2026-09-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2026-3517.
count: 100