| # | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|------|----------|--------|--------|---------|-------------|-----|-----|---------|-----------|
| 1191 | 8.1 | HIGH | Network | - | - | SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG … | CWE-79 Cross-site Scripting; CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-46489 | 2026-06-12 20:16 | 2026-06-12 |
| 1192 | 9.8 | CRITICAL | Network | - | - | Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Ap… | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | CVE-2026-11561 | 2026-06-12 19:16 | 2026-06-11 |
| 1193 | - | - | - | - | - | QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: | CWE-472 External Control of Assumed-Immutable Web Parameter | CVE-2025-59382 | 2026-06-12 11:16 | 2026-06-10 |
| 1194 | 7.5 | HIGH | Network | nlnetlabs | routinator | When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. | CWE-755 Improper Handling of Exceptional Conditions | CVE-2026-49235 | 2026-06-12 10:37 | 2026-06-9 |
| 1195 | 7.5 | HIGH | Network | nlnetlabs | routinator | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name … | CWE-22 Path Traversal | CVE-2026-49233 | 2026-06-12 10:33 | 2026-06-9 |
| 1196 | 7.5 | HIGH | Network | nlnetlabs | routinator | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted n… | CWE-20 Improper Input Validation; NVD-CWE-noinfo | CVE-2026-49234 | 2026-06-12 10:28 | 2026-06-9 |
| 1197 | 6.5 | MEDIUM | Network | nsa | ghidra | Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation… | CWE-22 Path Traversal | CVE-2026-52756 | 2026-06-12 10:18 | 2026-06-10 |
| 1198 | 4.4 | MEDIUM | Local | nsa | ghidra | Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafti… | CWE-416 Use After Free | CVE-2026-52757 | 2026-06-12 10:10 | 2026-06-10 |
| 1199 | 4.3 | MEDIUM | Network | jenkins | jenkins | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke… | CWE-601 Open Redirect | CVE-2026-53440 | 2026-06-12 10:03 | 2026-06-10 |
| 1200 | 5.3 | MEDIUM | Network | jenkins | jenkins | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenki… | CWE-311 Missing Encryption of Sensitive Data | CVE-2026-53442 | 2026-06-12 09:59 | 2026-06-10 |