| 321 | 9.8 | CRITICAL | Network | - | - | The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1… | New | CWE-269 Improper Privilege Management | CVE-2026-12415 | 2026-06-27 14:16 | 2026-06-27 |
| 322 | 9.6 | CRITICAL | Network | - | - | A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker mess… | New | CWE-862 Missing Authorization | CVE-2026-11807 | 2026-06-27 14:16 | 2026-06-24 |
| 323 | 7.5 | HIGH | Network | - | - | Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a key and no value can trick podman into passing that v… | New | CWE-200 Information Exposure; CWE-668 Exposure of Resource to Wrong Sphere | CVE-2026-57231 | 2026-06-27 13:17 | 2026-06-27 |
| 324 | 7.1 | HIGH | Local | rtklib | rtklib | RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in the getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted… | New | CWE-125 Out-of-bounds Read | CVE-2026-56788 | 2026-06-27 13:17 | 2026-06-26 |
| 325 | 8.8 | HIGH | Network | - | - | Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and mod… | New | CWE-862 Missing Authorization | CVE-2026-56773 | 2026-06-27 13:17 | 2026-06-27 |
| 326 | 4.3 | MEDIUM | Network | - | - | RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of … | New | CWE-862 Missing Authorization | CVE-2026-55838 | 2026-06-27 13:17 | 2026-06-27 |
| 327 | 6.3 | MEDIUM | Local | - | - | mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes … | New | CWE-78 OS Command | CVE-2026-55448 | 2026-06-27 13:17 | 2026-06-27 |
| 328 | 8.2 | HIGH | Network | - | - | RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHa… | New | CWE-200 Information Exposure; CWE-522 Insufficiently Protected Credentials; CWE-862 Missing Authorization; CWE-863 Incorrect Authorization | CVE-2026-55188 | 2026-06-27 13:17 | 2026-06-27 |
| 329 | 9.6 | CRITICAL | Network | - | - | Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with extract-zip… | New | CWE-22 Path Traversal; CWE-59 Link Following | CVE-2026-54352 | 2026-06-27 13:17 | 2026-06-27 |
| 330 | 6.5 | MEDIUM | Network | - | - | Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains … | New | CWE-863 Incorrect Authorization | CVE-2026-53577 | 2026-06-27 13:17 | 2026-06-27 |