|
1711
|
7.5 |
HIGH
Network
|
-
|
-
|
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with…
|
CWE-22
Path Traversal
|
CVE-2026-53779
|
2026-06-24 00:42 |
2026-06-23 |
|
1712
|
9.8 |
CRITICAL
Network
|
-
|
-
|
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into…
|
CWE-94
Code Injection
|
CVE-2026-12866
|
2026-06-24 00:42 |
2026-06-23 |
|
1713
|
7.8 |
HIGH
Local
|
-
|
-
|
AVAST Antivirus 25.11 contains an unquoted service path vulnerability in the SecureLine service that allows local non-privileged users to execute code with elevated SYSTEM privileges. Attackers can e…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2025-71326
|
2026-06-24 00:37 |
2026-06-20 |
|
1714
|
5.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a …
|
CWE-416
Use After Free
|
CVE-2026-56412
|
2026-06-24 00:31 |
2026-06-22 |
|
1715
|
7.8 |
HIGH
Local
|
-
|
-
|
Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2026-25865
|
2026-06-24 00:29 |
2026-06-19 |
|
1716
|
7.8 |
HIGH
Local
|
-
|
-
|
NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can inse…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20092
|
2026-06-24 00:29 |
2026-06-20 |
|
1717
|
7.8 |
HIGH
Local
|
-
|
-
|
Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary co…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20093
|
2026-06-24 00:29 |
2026-06-20 |
|
1718
|
9.3 |
CRITICAL
Network
|
apache
|
apisix
|
Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by the…
|
CWE-352
Origin Validation Error
|
CVE-2026-49871
|
2026-06-24 00:20 |
2026-06-19 |
|
1719
|
8.1 |
HIGH
Network
|
apache
|
apisix
|
Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue…
|
CWE-287
Improper Authentication
|
CVE-2026-49872
|
2026-06-24 00:18 |
2026-06-19 |
|
1720
|
5.4 |
MEDIUM
Network
|
apache
|
apisix
|
Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-49231
|
2026-06-24 00:18 |
2026-06-19 |