|
731
|
7.5 |
HIGH
Network
|
mongodb
|
mongodb
|
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain n…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-9740
|
2026-06-16 01:55 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
7.6 |
HIGH
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privile…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-20252
|
2026-06-16 01:51 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
5.5 |
MEDIUM
Local
|
mongodb
|
mongodb
|
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parame…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9735
|
2026-06-16 01:46 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
9.8 |
CRITICAL
Network
|
apache
|
cxf
|
Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB)
external entity res…
|
CWE-611
XXE
|
CVE-2026-49875
|
2026-06-16 01:32 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-12026
|
2026-06-16 01:32 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
8.2 |
HIGH
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44490
|
2026-06-16 01:31 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
7.5 |
HIGH
Network
|
-
|
-
|
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed c…
|
CWE-78
OS Command
|
CVE-2026-9863
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Fortra's
Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to c…
|
CWE-78
OS Command
|
CVE-2026-9862
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticat…
|
-
|
CVE-2026-9278
|
2026-06-16 01:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
3.4 |
LOW
Network
|
-
|
-
|
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from…
|
CWE-22
Path Traversal
|
CVE-2026-9062
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
