|
1671
|
9.9 |
CRITICAL
Network
|
-
|
-
|
deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can l…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-49252
|
2026-06-24 00:59 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1672
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verifie…
|
CWE-287
CWE-347
Improper Authentication
Improper Verification of Cryptographic Signature
|
CVE-2026-49454
|
2026-06-24 00:59 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1673
|
- |
|
-
|
-
|
Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mc…
|
CWE-306
CWE-862
Missing Authentication for Critical Function
Missing Authorization
|
CVE-2026-49357
|
2026-06-24 00:59 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1674
|
7.4 |
HIGH
Network
|
-
|
-
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the sam…
|
CWE-470
Unsafe Reflection
|
CVE-2026-49287
|
2026-06-24 00:59 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1675
|
8.1 |
HIGH
Network
|
-
|
-
|
mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatche…
|
CWE-862
Missing Authorization
|
CVE-2026-49291
|
2026-06-24 00:59 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1676
|
- |
|
-
|
-
|
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` /…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-49344
|
2026-06-24 00:59 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1677
|
- |
|
-
|
-
|
Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE con…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49345
|
2026-06-24 00:59 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1678
|
10.0 |
CRITICAL
Network
|
-
|
-
|
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN <addr> <addr> <port> <port>\r\n` PP1 frame …
|
CWE-348
CWE-863
Use of Less Trusted Source
Incorrect Authorization
|
CVE-2026-48772
|
2026-06-24 00:57 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1679
|
7.5 |
HIGH
Network
|
-
|
-
|
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL …
|
CWE-20
Improper Input Validation
|
CVE-2026-48774
|
2026-06-24 00:57 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1680
|
3.7 |
LOW
Network
|
-
|
-
|
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A …
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-53540
|
2026-06-24 00:56 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
