|
1121
|
6.1 |
MEDIUM
Network
|
-
|
-
|
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-36324
|
2026-06-2 02:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1122
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the arg…
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-10190
|
2026-06-2 02:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1123
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads …
Update
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-10154
|
2026-06-2 02:16 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1124
|
3.8 |
LOW
Network
|
tfa_basic_plugins_project
|
tfa_basic_plugins
|
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.
This issue affects TFA Basic Plugins…
Update
|
CWE-267
Privilege Defined With Unsafe Actions
|
CVE-2026-6816
|
2026-06-2 02:15 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1125
|
8.8 |
HIGH
Network
|
apache
|
activemq
|
Incorrect Default Permissions vulnerability in Apache ActiveMQ.
This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.
The default Jolokia authorization settings granted non-ad…
New
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-49157
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1126
|
5.9 |
MEDIUM
Network
|
apache
|
activemq
activemq_broker
|
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.
Brokers that are configured with a network connector with syncDurabl…
New
|
CWE-1230
Exposure of Sensitive Information Through Metadata
|
CVE-2026-49270
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1127
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
Non-parenthesized discovery wrapp…
New
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-45505
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1128
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect…
New
|
CWE-200
Information Exposure
|
CVE-2026-45192
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1129
|
6.5 |
MEDIUM
Network
|
apache
|
mina_sshd
|
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to …
New
|
CWE-22
Path Traversal
|
CVE-2026-48827
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1130
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without …
Update
|
CWE-620
Unverified Password Change
|
CVE-2026-5386
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
