|
741
|
3.5 |
LOW
Network
|
-
|
-
|
The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, all…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9061
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_p…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53521
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-50552
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
7.3 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can co…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-45011
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in h…
|
CWE-285
CWE-939
Improper Authorization
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-12189
|
2026-06-16 01:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list nod…
|
CWE-416
Use After Free
|
CVE-2026-10634
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2025-15659
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2025-15658
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
5.3 |
MEDIUM
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Obj…
|
CWE-113
CWE-1321
HTTP Response Splitting
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44489
|
2026-06-16 01:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processi…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5497
|
2026-06-16 01:11 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
