|
961
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e…
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-25555
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by …
New
|
CWE-22
Path Traversal
|
CVE-2026-25559
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the File…
New
|
CWE-78
OS Command
|
CVE-2026-25855
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin…
New
|
CWE-94
Code Injection
|
CVE-2026-25856
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-39908
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
966
|
9.8 |
CRITICAL
Network
|
-
|
-
|
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary…
New
|
CWE-862
Missing Authorization
|
CVE-2026-39910
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
967
|
9.4 |
CRITICAL
Network
|
-
|
-
|
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen…
New
|
CWE-22
Path Traversal
|
CVE-2026-41448
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
968
|
- |
|
-
|
-
|
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe…
New
|
CWE-78
OS Command
|
CVE-2026-8913
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
7.5 |
HIGH
Network
|
-
|
-
|
Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() functio…
New
|
CWE-78
OS Command
|
CVE-2026-40519
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
970
|
7.1 |
HIGH
Network
|
-
|
-
|
WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by su…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-49141
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
