|
961
|
- |
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCol…
|
CWE-193
Off-by-one Error
|
CVE-2026-52804
|
2026-06-26 14:16 |
2026-06-25 |
|
962
|
8.8 |
HIGH
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owne…
|
CWE-352
Origin Validation Error
|
CVE-2026-52800
|
2026-06-26 14:16 |
2026-06-25 |
|
963
|
6.8 |
MEDIUM
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, `pnpm install` in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrit…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-50573
|
2026-06-26 14:16 |
2026-06-26 |
|
964
|
6.8 |
MEDIUM
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker c…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-50021
|
2026-06-26 14:16 |
2026-06-26 |
|
965
|
8.8 |
HIGH
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses th…
|
CWE-23
Relative Path Traversal
|
CVE-2026-50016
|
2026-06-26 14:16 |
2026-06-26 |
|
966
|
6.4 |
MEDIUM
Network
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git depend…
|
CWE-88
Argument Injection
|
CVE-2026-50014
|
2026-06-26 14:16 |
2026-06-26 |
|
967
|
6.7 |
MEDIUM
Network
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, in the visitors.info endpoint, https://devel…
|
CWE-285
Improper Authorization
|
CVE-2026-49278
|
2026-06-26 14:16 |
2026-06-25 |
|
968
|
8.8 |
HIGH
Network
|
-
|
-
|
Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsan…
|
CWE-22
Path Traversal
|
CVE-2026-49247
|
2026-06-26 14:16 |
2026-06-25 |
|
969
|
8.8 |
HIGH
Network
|
-
|
-
|
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSub…
|
CWE-88
Argument Injection
|
CVE-2026-48793
|
2026-06-26 14:16 |
2026-06-25 |
|
970
|
7.3 |
HIGH
Local
|
-
|
-
|
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit …
|
CWE-295
Improper Certificate Validation
|
CVE-2026-46734
|
2026-06-26 14:16 |
2026-06-25 |