|
1321
|
8.2 |
HIGH
Network
|
-
|
-
|
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nes…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-45302
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1322
|
- |
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti…
|
CWE-22
Path Traversal
|
CVE-2026-44593
|
2026-06-3 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1323
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content.
Package keys read from build/packages/packages.t…
|
CWE-22
Path Traversal
|
CVE-2026-43965
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1324
|
- |
|
-
|
-
|
Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball.
The file collection helpers (gleam_files, native_…
|
CWE-59
Link Following
|
CVE-2026-42795
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1325
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Fi…
|
CWE-862
Missing Authorization
|
CVE-2026-42670
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1326
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when app…
|
CWE-193
Off-by-one Error
|
CVE-2026-42015
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1327
|
8.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) fiel…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-42013
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1328
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject A…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42012
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1329
|
6.5 |
MEDIUM
Network
|
apache
|
flink_kubernetes_operator
|
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so th…
|
CWE-552
CWE-918
Files or Directories Accessible to External Parties
Server-Side Request Forgery (SSRF)
|
CVE-2026-40564
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1330
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory.
The documentation.pages …
|
CWE-22
Path Traversal
|
CVE-2026-32685
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
