| 581 | 8.1 | HIGH Network | openstack | keystone | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federate… | Update | CWE-863 Incorrect Authorization | CVE-2026-44394 | 2026-06-2 23:21 | 2026-05-29 |
| 582 | - | | - | - | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out… | New | CWE-22 Path Traversal | CVE-2026-8643 | 2026-06-2 23:17 | 2026-06-2 |
| 583 | 9.8 | CRITICAL Network | joomla | joomla! | The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set. | Update | NVD-CWE-noinfo CWE-319 Cleartext Transmission of Sensitive Information | CVE-2026-48902 | 2026-06-2 23:16 | 2026-05-27 |
| 584 | - | | - | - | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensit… | Update | CWE-312 Cleartext Storage of Sensitive Information; CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2026-45040 | 2026-06-2 23:16 | 2026-05-29 |
| 585 | 7.5 | HIGH Network | portainer | portainer | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before … | Update | CWE-598 Information Exposure Through Query Strings in GET Request | CVE-2026-44883 | 2026-06-2 23:16 | 2026-05-29 |
| 586 | - | | - | - | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets th… | New | CWE-20 Improper Input Validation; CWE-863 Incorrect Authorization | CVE-2026-22872 | 2026-06-2 23:16 | 2026-06-2 |
| 587 | - | | - | - | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attack… | New | CWE-77 Command Injection | CVE-2024-52011 | 2026-06-2 23:04 | 2026-06-2 |
| 588 | - | | - | - | CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path componen… | New | CWE-22 Path Traversal | CVE-2026-45727 | 2026-06-2 23:04 | 2026-06-2 |
| 589 | 5.7 | MEDIUM Physical | - | - | Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16; Spring Cloud Functio… | New | CWE-674 Uncontrolled Recursion | CVE-2026-40989 | 2026-06-2 23:01 | 2026-06-2 |
| 590 | 5.7 | MEDIUM Physical | - | - | OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16; Spring C… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-40990 | 2026-06-2 23:01 | 2026-06-2 |