| 1761 | 5.4 | MEDIUM | Network | - | - | IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to … | CWE-79 Cross-site Scripting | CVE-2025-33128 | 2026-06-24 00:16 | 2026-06-22 |
| 1762 | 5.3 | MEDIUM | Network | - | - | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data… | CWE-294 Authentication Bypass by Capture-replay | CVE-2023-33854 | 2026-06-24 00:16 | 2026-06-23 |
| 1763 | 5.5 | MEDIUM | Local | - | - | NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying cra… | CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-55392 | 2026-06-24 00:16 | 2026-06-19 |
| 1764 | 4.8 | MEDIUM | Network | - | - | Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARD_REGISTRY role to inject malicious scr… | CWE-79 Cross-site Scripting | CVE-2026-22674 | 2026-06-24 00:16 | 2026-06-19 |
| 1765 | 7.8 | HIGH | Local | - | - | Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can … | CWE-428 Unquoted Search Path or Element | CVE-2016-20087 | 2026-06-24 00:16 | 2026-06-20 |
| 1766 | 8.1 | HIGH | Network | apache | apisix | Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different so… | CWE-863 Incorrect Authorization | CVE-2026-47339 | 2026-06-24 00:11 | 2026-06-19 |
| 1767 | 6.1 | MEDIUM | Network | apache | apisix | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue… | CWE-601 Open Redirect | CVE-2026-44915 | 2026-06-24 00:11 | 2026-06-19 |
| 1768 | 4.9 | MEDIUM | Physical | - | - | Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2_fetch_direntry() (subsys/fs/ext2/ex… | CWE-125 Out-of-bounds Read | CVE-2026-10645 | 2026-06-24 00:11 | 2026-06-23 |
| 1769 | 7.1 | HIGH | Adjacent | - | - | A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in Zephyr's SDP parser. In subsys/bluetooth/host/classic/sdp.c, bt_sdp_parse_attribute() accepts an input buffer once it … | CWE-20 Improper Input Validation; CWE-617 Reachable Assertion | CVE-2026-10651 | 2026-06-24 00:11 | 2026-06-23 |
| 1770 | 7.1 | HIGH | Adjacent | - | - | A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In bt_iso_recv() (subsys/bluetooth/host/iso.c), when processing PB=START/SINGLE f… | CWE-125 Out-of-bounds Read | CVE-2026-10658 | 2026-06-24 00:11 | 2026-06-23 |