| 311 | 5.4 | MEDIUM Network | - | - | Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code… | New | CWE-79 Cross-site Scripting | CVE-2026-24754 | 2026-06-2 22:55 | 2026-06-2 |
| 312 | 5.4 | MEDIUM Network | - | - | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permi… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-24755 | 2026-06-2 22:55 | 2026-06-2 |
| 313 | 4.3 | MEDIUM Network | - | - | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resou… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-24756 | 2026-06-2 22:55 | 2026-06-2 |
| 314 | 3.7 | LOW Network | - | - | Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metad… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-24761 | 2026-06-2 22:55 | 2026-06-2 |
| 315 | 7.6 | HIGH Network | - | - | Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBui… | New | CWE-89 SQL Injection | CVE-2026-24782 | 2026-06-2 22:55 | 2026-06-2 |
| 316 | - | | - | - | Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter… | New | CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-34906 | 2026-06-2 22:54 | 2026-06-2 |
| 317 | - | | - | - | Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScr… | New | CWE-79 Cross-site Scripting | CVE-2026-34907 | 2026-06-2 22:54 | 2026-06-2 |
| 318 | 8.8 | HIGH Network | bentoml | bentoml | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… | Update | CWE-78 CWE-94 OS Command Code Injection | CVE-2026-44346 | 2026-06-2 22:48 | 2026-05-28 |
| 319 | 7.5 | HIGH Network | botan_project | botan | Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such … | Update | CWE-407 Inefficient Algorithmic Complexity | CVE-2026-44378 | 2026-06-2 22:42 | 2026-05-28 |
| 320 | 7.2 | HIGH Network | tp-link | archer_be450_firmware archer_be7200_firmware | An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interf… | Update | CWE-20 CWE-77 Improper Input Validation Command Injection | CVE-2026-5509 | 2026-06-2 22:40 | 2026-05-28 |