7.5
CVE-2026-30653 - Remote Denial of Service via Authentication Failure Handler in Free5GC AMF
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF.
7.5
CVE-2026-33554 - freeipmi: buffer overflows on response messages via ipmi-oem
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system manageme…
6.5
CVE-2026-30662 - ConcreteCMS Bulk Download OOM Denial of Service
ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component. The 'download' method in 'concrete/controllers/backend/file.php' improperly manages memory when creating zip archives. It uses 'ZipArchive::addFromString' combined with 'file_get_contents', which load…
6.1
CVE-2026-30661 - Cross-Site Scripting via regip/loginip Parameters in iCMS v8.0.0
iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters.
6.5
CVE-2026-30655 - Unauthenticated SQL Injection Exposing Sensitive Data in esiclivre Reset Function
SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php.
8.8
CVE-2026-29839 - Cross-Site Request Forgery in DedeCMS 5.7.118 /sys_task_add.php
DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.
4.3
CVE-2026-33290 - WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderati…
WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero capabilities) to change moderation status of their own comment (for example to APPROVE) without the mo…
9.6
CVE-2026-33211 - Tekton Pipelines git resolver has path traversal that allows reading arbitrary files from the resol…
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A tenant with permissi…
9.1
CVE-2026-33286 - Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary rel…
6.5
CVE-2026-33283 - Ella Core panics on malformed ULNASTransport Message without a Request Type
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscrib…