Category Wire

​CVE ID :CVE-2026-46509 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__ The property path must not…

​CVE ID :CVE-2026-45044 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing…

​CVE ID :CVE-2026-4868 Published : May 27, 2026, 7:16 p.m. | 27 minutes ago Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions,…

​CVE ID :CVE-2026-5509 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through…

​CVE ID :CVE-2026-48153 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping…

​CVE ID :CVE-2026-48152 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission…

​CVE ID :CVE-2026-48150 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for…

​CVE ID :CVE-2026-8890 Published : May 26, 2026, 7:16 p.m. | 22 minutes ago Description :code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the…

​CVE ID :CVE-2026-3660 Published : May 26, 2026, 7:16 p.m. | 22 minutes ago Description :IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( through ) Interim Fix 009, and 7.2.0 ( through ) Interim Fix 001…

​CVE ID :CVE-2026-9560 Published : May 26, 2026, 6:16 p.m. | 1 hour, 21 minutes ago Description :Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC…