|
351
|
- |
|
-
|
-
|
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PD…
New
|
CWE-400 CWE-770
Uncontrolled Resource Consumption Allocation of Resources Without Limits or Throttling
|
CVE-2026-45802
|
2026-06-12 05:51 |
2026-06-12 |
|
352
|
8.1 |
HIGH
Network
|
-
|
-
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-46622
|
2026-06-12 05:50 |
2026-06-12 |
|
353
|
5.3 |
MEDIUM
Network
|
-
|
-
|
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-49949
|
2026-06-12 05:50 |
2026-06-12 |
|
354
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initial setup by submitting the _set_password parameter t…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-49973
|
2026-06-12 05:50 |
2026-06-12 |
|
355
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missi…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-53781
|
2026-06-12 05:50 |
2026-06-12 |
|
356
|
7.4 |
HIGH
Network
|
-
|
-
|
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresse…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-53782
|
2026-06-12 05:50 |
2026-06-12 |
|
357
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl do not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allows multiple metrics, separated by n…
New
|
CWE-93
CRLF Injection
|
CVE-2026-50638
|
2026-06-12 05:16 |
2026-06-11 |
|
358
|
8.2 |
HIGH
Network
|
-
|
-
|
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections.
The statsd protocol (and extensions) allows multiple metrics, separated by newlines, to be sent p…
New
|
CWE-93
CRLF Injection
|
CVE-2026-50637
|
2026-06-12 05:16 |
2026-06-11 |
|
359
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
New
|
-
|
CVE-2026-12038
|
2026-06-12 05:16 |
2026-06-12 |
|
360
|
4.0 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability s…
New
|
CWE-758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
CVE-2024-58350
|
2026-06-12 04:53 |
2026-06-10 |