Automated cyber signal feeds.
CVE ID :CVE-2026-32847 Published : May 28, 2026, 7:32 p.m. | 16 minutes ago Description :DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui that allows unauthenticated attackers to read arbitrary files by supplying…
CVE ID :CVE-2026-33590 Published : May 28, 2026, 7:30 p.m. | 18 minutes ago Description :Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint…
CVE ID :CVE-2026-4944 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :vllm-project/vllm version 0.14.1 contains a vulnerability where the `trust_remote_code=True` parameter is hardcoded in two model implementation files (`vllm` and `vllm`). This bypasses the user’s explicit `–trust-remote-code=False`…
CVE ID :CVE-2026-46509 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__ The property path must not…
CVE ID :CVE-2026-45044 Published : May 28, 2026, 7:16 p.m. | 31 minutes ago Description :RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing…
CVE ID :CVE-2026-4868 Published : May 27, 2026, 7:16 p.m. | 27 minutes ago Description :GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions,…
CVE ID :CVE-2026-5509 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through…
CVE ID :CVE-2026-48153 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping…
CVE ID :CVE-2026-48152 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission…
CVE ID :CVE-2026-48150 Published : May 27, 2026, 6:16 p.m. | 1 hour, 26 minutes ago Description :Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for…