|
741
|
3.8 |
LOW
Local
|
-
|
-
|
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-13322
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-13318
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
8.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-13325
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
- |
|
-
|
-
|
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue cou…
New
|
CWE-1391
Use of Weak Credentials
|
CVE-2026-57473
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
8.1 |
HIGH
Network
|
-
|
-
|
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files tha…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-71340
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing f…
New
|
-
|
CVE-2025-10268
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
7.5 |
HIGH
Network
|
-
|
-
|
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attac…
New
|
-
|
CVE-2026-10823
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
7.7 |
HIGH
Network
|
-
|
-
|
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce au…
New
|
-
|
CVE-2026-10835
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level acce…
New
|
-
|
CVE-2026-8380
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
7.5 |
HIGH
Network
|
-
|
-
|
Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers.
New
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-57912
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
