| 1651 | 5.3 | MEDIUM Network | - | - | Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded c… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41851 | 2026-06-9 22:49 | 2026-06-9 |
| 1652 | 5.3 | MEDIUM Network | - | - | Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 … | CWE-444 HTTP Request Smuggling | CVE-2026-41853 | 2026-06-9 22:49 | 2026-06-9 |
| 1653 | 4.2 | MEDIUM Network | - | - | Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. A… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41854 | 2026-06-9 22:49 | 2026-06-9 |
| 1654 | 8.1 | HIGH Network | - | - | In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary cl… | CWE-502 Deserialization of Untrusted Data | CVE-2026-41855 | 2026-06-9 22:49 | 2026-06-9 |
| 1655 | 7.1 | HIGH Local | - | - | A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S… | CWE-313 Cleartext Storage in a File or on Disk | CVE-2026-24349 | 2026-06-9 22:49 | 2026-06-9 |
| 1656 | 6.1 | MEDIUM Adjacent | - | - | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-40808 | 2026-06-9 22:49 | 2026-06-9 |
| 1657 | 4.7 | MEDIUM Local | - | - | A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbi… | CWE-22 Path Traversal | CVE-2026-52902 | 2026-06-9 22:49 | 2026-06-9 |
| 1658 | - | | - | - | When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content… | CWE-79 Cross-site Scripting; CWE-436 Interpretation Conflict | CVE-2026-47344 | 2026-06-9 22:46 | 2026-06-9 |
| 1659 | - | | - | - | Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2. | CWE-79 Cross-site Scripting | CVE-2026-47345 | 2026-06-9 22:46 | 2026-06-9 |
| 1660 | - | | - | - | Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously cra… | CWE-862 Missing Authorization | CVE-2026-11607 | 2026-06-9 22:46 | 2026-06-9 |