|
1121
|
- |
|
-
|
-
|
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI plat…
|
CWE-20
Improper Input Validation
|
CVE-2026-12537
|
2026-06-26 04:51 |
2026-06-24 |
|
1122
|
8.8 |
HIGH
Network
|
-
|
-
|
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing mal…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-56766
|
2026-06-26 04:50 |
2026-06-26 |
|
1123
|
8.5 |
HIGH
Network
|
-
|
-
|
Huly Platform through 0.7.423, fixed in commit 68cbf8a, contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arb…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-56769
|
2026-06-26 04:50 |
2026-06-26 |
|
1124
|
4.3 |
MEDIUM
Network
|
-
|
-
|
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary user_id values to the GET /social/inter…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-56772
|
2026-06-26 04:50 |
2026-06-26 |
|
1125
|
6.4 |
MEDIUM
Network
|
-
|
-
|
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidat…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-56779
|
2026-06-26 04:50 |
2026-06-26 |
|
1126
|
8.8 |
HIGH
Network
|
-
|
-
|
Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link tok…
|
CWE-862
Missing Authorization
|
CVE-2026-56768
|
2026-06-26 04:48 |
2026-06-26 |
|
1127
|
7.5 |
HIGH
Network
|
-
|
-
|
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash s…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-56770
|
2026-06-26 04:48 |
2026-06-26 |
|
1128
|
6.5 |
MEDIUM
Local
|
-
|
-
|
An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments (e.g., QEMU) allows a pr…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9539
|
2026-06-26 04:26 |
2026-06-24 |
|
1129
|
8.2 |
HIGH
Network
|
-
|
-
|
FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2026-56785
|
2026-06-26 04:25 |
2026-06-24 |
|
1130
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set…
|
CWE-241
Improper Handling of Unexpected Data Type
|
CVE-2026-47110
|
2026-06-26 04:25 |
2026-06-25 |
|