|
791
|
- |
|
-
|
-
|
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograp…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-48480
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
792
|
6.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42538
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
793
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-42540
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
794
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…
|
CWE-650
Trusting HTTP Permission Methods on the Server Side
|
CVE-2026-42543
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
795
|
8.2 |
HIGH
Network
|
-
|
-
|
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan…
|
CWE-94
Code Injection
|
CVE-2026-41249
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
796
|
7.6 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-edit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41518
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
797
|
- |
|
-
|
-
|
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql…
|
CWE-285
Improper Authorization
|
CVE-2026-41522
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
798
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…
|
CWE-287
CWE-306
CWE-1390
Improper Authentication
Missing Authentication for Critical Function
Weak Authentication
|
CVE-2026-6274
|
2026-06-6 00:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
799
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi…
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2025-71316
|
2026-06-6 00:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
800
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-10881
|
2026-06-6 00:49 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
