admin

Joined: May 9, 2026
Articles: 110

Wire

CVE-2026-9051 – Authentication Bypass Vulnerability in NI SystemLink Enterprise

CVE ID :CVE-2026-9051 Published : May 29, 2026, 7:16 p.m. | 35 minutes ago Description :There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to…

admin
May 30, 2026

Wire

CVE-2026-49368 – “JetBrains YouTrack Stored XSS Vulnerability in Project Notification Templates”

CVE ID :CVE-2026-49368 Published : May 29, 2026, 7:16 p.m. | 35 minutes ago Description :In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible Severity: 8.7 | HIGH Visit the link for more details, such as CVSS…

admin
May 30, 2026

Wire

CVE-2026-49367 – JetBrains IntelliJ IDEA Command Execution Vulnerability

CVE ID :CVE-2026-49367 Published : May 29, 2026, 7:16 p.m. | 35 minutes ago Description :In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account Severity: 8.0 | HIGH Visit the link for more details, such…

admin
May 30, 2026

Wire

CVE-2026-47744 – Shopper: Authorization bypass and RBAC privilege escalation in team settings

CVE ID :CVE-2026-47744 Published : May 29, 2026, 7:16 p.m. | 35 minutes ago Description :Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over…

admin
May 30, 2026

Wire

CVE-2026-47740 – Shopper: Authorization bypass in multiple Livewire admin components

CVE ID :CVE-2026-47740 Published : May 29, 2026, 7:16 p.m. | 35 minutes ago Description :Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an…

admin
May 30, 2026

Wire

CVE-2026-32847 – DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

CVE ID :CVE-2026-32847 Published : May 28, 2026, 7:32 p.m. | 16 minutes ago Description :DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui that allows unauthenticated attackers to read arbitrary files by supplying…

admin
May 29, 2026

Wire

CVE-2026-33590 – Insecure default permissions in Portainer CE

CVE ID :CVE-2026-33590 Published : May 28, 2026, 7:30 p.m. | 18 minutes ago Description :Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint…

admin
May 29, 2026

Wire

CVE-2026-4944 – Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

CVE ID :CVE-2026-4944 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm` and `vllm`). This bypasses the user’s explicit `–trust-remote-code=False`…

admin
May 29, 2026

Wire

CVE-2026-46509 – deepobj: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’)

CVE ID :CVE-2026-46509 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__ The property path must not…

admin
May 29, 2026

Wire

CVE-2026-45044 – RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

CVE ID :CVE-2026-45044 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing…

admin
May 29, 2026