|
2091
|
- |
|
-
|
-
|
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerabili…
|
CWE-22
Path Traversal
|
CVE-2026-46486
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2092
|
8.1 |
HIGH
Network
|
-
|
-
|
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by…
|
CWE-22
CWE-285
Path Traversal
Improper Authorization
|
CVE-2026-46484
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2093
|
- |
|
-
|
-
|
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue h…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44541
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2094
|
5.6 |
MEDIUM
Network
|
-
|
-
|
Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…
|
CWE-299
Improper Check for Certificate Revocation
|
CVE-2026-6899
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2095
|
- |
|
-
|
-
|
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-49232
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2096
|
- |
|
-
|
-
|
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority.
In gun_http2:push_promise_frame/7, the :…
|
CWE-346
Origin Validation Error
|
CVE-2026-43972
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2097
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5,…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-43973
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2098
|
- |
|
-
|
-
|
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot…
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-43974
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2099
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-49755
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2100
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata.
Req.Utils.encode_form_part/2 …
|
CWE-93
CRLF Injection
|
CVE-2026-49756
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
