|
351
|
- |
|
-
|
-
|
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin r…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-47265
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
352
|
7.8 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou…
Update
|
CWE-78
OS Command
|
CVE-2026-44709
|
2026-06-3 05:16 |
2026-05-28 |
|
|
|
|
353
|
7.5 |
HIGH
Network
|
-
|
-
|
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportio…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42342
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
354
|
8.1 |
HIGH
Network
|
-
|
-
|
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42211
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
355
|
- |
|
-
|
-
|
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on ass…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-41577
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
356
|
- |
|
-
|
-
|
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p…
New
|
CWE-601
Open Redirect
|
CVE-2026-40181
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
357
|
- |
|
-
|
-
|
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocat…
New
|
CWE-367 CWE-770
Time-of-check Time-of-use (TOCTOU) Race Condition Allocation of Resources Without Limits or Throttling
|
CVE-2026-35202
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
358
|
6.5 |
MEDIUM
Network
|
-
|
-
|
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter tha…
New
|
CWE-20 CWE-191
Improper Input Validation Integer Underflow (Wrap or Wraparound)
|
CVE-2026-35049
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
359
|
6.4 |
MEDIUM
Local
|
-
|
-
|
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using `CookieJar.load()` with untrusted input may allow arbitrary code execution. Most appli…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-34993
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|
|
360
|
7.5 |
HIGH
Network
|
-
|
-
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-34077
|
2026-06-3 05:16 |
2026-06-3 |
|
|
|