|
191
|
5.4 |
MEDIUM
Network
|
vmware
|
spring_security
|
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.
Affected versions:
Spring Security 5.7.0 throug…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41003
|
2026-06-13 05:30 |
2026-06-10 |
|
192
|
5.3 |
MEDIUM
Network
|
vmware
|
spring_security
|
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa…
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41694
|
2026-06-13 05:28 |
2026-06-10 |
|
193
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
QuTS hero is not affected.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
Update
|
NVD-CWE-noinfo
|
CVE-2025-66276
|
2026-06-13 05:25 |
2026-06-10 |
|
194
|
6.5 |
MEDIUM
Network
|
qnap
|
qts quts_hero
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read…
Update
|
CWE-22
Path Traversal
|
CVE-2026-24717
|
2026-06-13 05:21 |
2026-06-10 |
|
195
|
- |
|
-
|
-
|
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fi…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54361
|
2026-06-13 05:16 |
2026-06-13 |
|
196
|
- |
|
-
|
-
|
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54360
|
2026-06-13 05:16 |
2026-06-13 |
|
197
|
- |
|
-
|
-
|
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJA…
New
|
CWE-352 CWE-1188
Origin Validation Error Insecure Default Initialization of Resource
|
CVE-2026-54359
|
2026-06-13 05:16 |
2026-06-13 |
|
198
|
- |
|
-
|
-
|
An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functio…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-54358
|
2026-06-13 05:16 |
2026-06-13 |
|
199
|
- |
|
-
|
-
|
An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organiza…
New
|
CWE-639 CWE-863
Authorization Bypass Through User-Controlled Key Incorrect Authorization
|
CVE-2026-54357
|
2026-06-13 05:16 |
2026-06-13 |
|
200
|
5.0 |
MEDIUM
Local
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the…
New
|
CWE-59 CWE-367 CWE-426
Link Following Time-of-check Time-of-use (TOCTOU) Race Condition Untrusted Search Path
|
CVE-2026-54055
|
2026-06-13 05:16 |
2026-06-13 |