|
261
|
- |
|
-
|
-
|
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out…
New
|
CWE-22
Path Traversal
|
CVE-2026-8643
|
2026-06-2 23:17 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
Update
|
NVD-CWE-noinfo
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-48902
|
2026-06-2 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensit…
Update
|
CWE-312
CWE-532
Cleartext Storage of Sensitive Information
Inclusion of Sensitive Information in Log Files
|
CVE-2026-45040
|
2026-06-2 23:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
7.5 |
HIGH
Network
|
portainer
|
portainer
|
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before …
Update
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-44883
|
2026-06-2 23:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
8.8 |
HIGH
Network
|
-
|
-
|
A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42359
|
2026-06-2 23:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
- |
|
-
|
-
|
Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets th…
New
|
CWE-20
CWE-863
Improper Input Validation
Incorrect Authorization
|
CVE-2026-22872
|
2026-06-2 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
7.8 |
HIGH
Local
|
-
|
-
|
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of p…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-0087
|
2026-06-2 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
7.8 |
HIGH
Local
|
-
|
-
|
In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no add…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-0045
|
2026-06-2 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
7.8 |
HIGH
Local
|
-
|
-
|
In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution priv…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-0036
|
2026-06-2 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
6.2 |
MEDIUM
Local
|
-
|
-
|
In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-0009
|
2026-06-2 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
