|
471
|
8.6 |
HIGH
Network
|
-
|
-
|
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.…
New
|
CWE-22
Path Traversal
|
CVE-2024-40646
|
2026-06-2 03:53 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time o…
New
|
CWE-306
CWE-1385
Missing Authentication for Critical Function
Missing Origin Validation in WebSockets
|
CVE-2026-44211
|
2026-06-2 03:53 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loo…
New
|
CWE-674
CWE-835
Uncontrolled Recursion
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-44740
|
2026-06-2 03:53 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
9.9 |
CRITICAL
Network
|
-
|
-
|
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be esc…
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-45102
|
2026-06-2 03:50 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
7.8 |
HIGH
Local
|
-
|
-
|
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active Netwo…
Update
|
CWE-78
OS Command
|
CVE-2026-44724
|
2026-06-2 03:50 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
7.5 |
HIGH
Network
|
-
|
-
|
Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcr…
Update
|
CWE-200
CWE-306
Information Exposure
Missing Authentication for Critical Function
|
CVE-2026-45332
|
2026-06-2 03:50 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
- |
|
-
|
-
|
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled…
Update
|
CWE-22
CWE-79
Path Traversal
Cross-site Scripting
|
CVE-2026-45668
|
2026-06-2 03:50 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Ch…
Update
|
CWE-416
Use After Free
|
CVE-2026-9934
|
2026-06-2 03:49 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
479
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-9941
|
2026-06-2 03:49 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-9940
|
2026-06-2 03:49 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
