|
1521
|
5.5 |
MEDIUM
Local
|
synology
|
storage_manager
|
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive inf…
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-2237
|
2026-06-2 19:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
7.5 |
HIGH
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49372
|
2026-06-2 13:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
8.2 |
HIGH
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
|
CWE-79
Cross-site Scripting
|
CVE-2026-49371
|
2026-06-2 13:06 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
7.5 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifyin…
|
CWE-290
CWE-345
Authentication Bypass by Spoofing
Insufficient Verification of Data Authenticity
|
CVE-2026-47123
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
8.2 |
HIGH
Network
|
-
|
-
|
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, …
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-46510
|
2026-06-2 12:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
8.8 |
HIGH
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${respon…
|
CWE-78
OS Command
|
CVE-2026-45662
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitr…
|
CWE-22
CWE-35
Path Traversal
Path Traversal: '.../...//'
|
CVE-2026-45661
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to…
|
CWE-78
OS Command
|
CVE-2026-45629
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
7.5 |
HIGH
Network
|
yhirose
|
cpp-httplib
|
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process cras…
|
CWE-20
CWE-770
CWE-1285
Improper Input Validation
Allocation of Resources Without Limits or Throttling
Improper Validation of Specified Index, Position, or Offset in Input
|
CVE-2026-45352
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
5.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted…
|
CWE-203
CWE-204
Information Exposure Through Discrepancy
Response Discrepancy Information Exposure
|
CVE-2026-45294
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
