Security Vulnerabilities
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src/mikrotik_plugin/fastnetmon_mikrotik.php (lines 107-108) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). This is identical in pattern to the Juniper plugin vulnerability. The $msg variable contains unsanitized attack data from command-line arguments. An attacker who can influence argv[] values can inject arbitrary shell commands. The fix is to replace exec() with file_put_contents() or use escapeshellarg().
CVSS Score
8.1
EPSS Score
0.001
Published
2026-05-26
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user with higher privileges from a different organization to their own organization. This is due to an incorrect ACL on userEdit relationAdd. This vulnerability is fixed in 6.9.7.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-05-26
Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. This vulnerability is fixed in 7.29.4 and 8.0.0-alpha.13.
CVSS Score
8.2
EPSS Score
0.0
Published
2026-05-26
NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-05-26
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-05-26
An improper access check allows privilege escalation through the com_users group editing webservice endpoint.
CVSS Score
8.2
EPSS Score
0.0
Published
2026-05-26
Lack of input filtering leads to an XSS vector in the HTML filter code.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-05-26
IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-05-26
IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional mod_fastcgi module.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-05-26
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-26

