|
4021
|
7.7 |
HIGH
Network
|
elastic
|
kibana
|
Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server t…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49093
|
2026-06-1 23:13 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4022
|
7.8 |
HIGH
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-49382
|
2026-06-1 22:59 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4023
|
7.8 |
HIGH
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
|
CWE-78
OS Command
|
CVE-2026-49366
|
2026-06-1 22:59 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4024
|
3.3 |
LOW
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
|
CWE-611
XXE
|
CVE-2026-49383
|
2026-06-1 22:58 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4025
|
8.8 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
|
CWE-862
Missing Authorization
|
CVE-2026-49367
|
2026-06-1 22:56 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4026
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containin…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-49094
|
2026-06-1 22:31 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4027
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent po…
|
CWE-20
Improper Input Validation
|
CVE-2026-49095
|
2026-06-1 22:30 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4028
|
7.8 |
HIGH
Local
|
canonical
|
multipass
|
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-49237
|
2026-06-1 22:27 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4029
|
8.4 |
HIGH
Local
|
canonical
|
multipass
|
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment …
|
CWE-22
Path Traversal
|
CVE-2026-49238
|
2026-06-1 22:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4030
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10244
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
