| 671 | 6.5 | MEDIUM Network | - | - | Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This… (New) | CWE-1289 Improper Validation of Unsafe Equivalence in Input | CVE-2026-49940 | 2026-06-5 03:16 | 2026-06-5 |
| 672 | - | | - | - | The netty incubator codec.bhttp is a Java-language binary HTTP parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses… (New) | CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write | CVE-2026-48040 | 2026-06-5 03:16 | 2026-06-5 |
| 673 | 7.4 | HIGH Network | - | - | An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl… (New) | CWE-297 Improper Validation of Certificate with Host Mismatch | CVE-2026-44393 | 2026-06-5 03:16 | 2026-06-5 |
| 674 | 9.9 | CRITICAL Network | - | - | Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose a public `/image/<hash>` route that resolves attacker-controlled entries from `image_has… (New) | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-43986 | 2026-06-5 03:16 | 2026-06-5 |
| 675 | 8.9 | HIGH Network | - | - | Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `log_js_errors` to any authenticated user, including guest users when guest access is en… (New) | CWE-79 Cross-site Scripting | CVE-2026-43984 | 2026-06-5 03:16 | 2026-06-5 |
| 676 | - | | - | - | The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distin… (New) | CWE-330 Use of Insufficiently Random Values | CVE-2026-41207 | 2026-06-5 03:16 | 2026-06-5 |
| 677 | - | | - | - | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. Thi… (New) | CWE-407 Inefficient Algorithmic Complexity | CVE-2026-3276 | 2026-06-5 03:16 | 2026-06-4 |
| 678 | 7.8 | HIGH Local | - | - | Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remot… (New) | CWE-502 Deserialization of Untrusted Data | CVE-2026-25551 | 2026-06-5 03:16 | 2026-06-5 |
| 679 | 9.8 | CRITICAL Network | - | - | Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remote code execution vulnerability in the .NET Remoting service exposed on TCP port 7375 via BtSystem.Service.exe. The serv… (New) | CWE-306 Missing Authentication for Critical Function; CWE-502 Deserialization of Untrusted Data | CVE-2026-25550 | 2026-06-5 03:16 | 2026-06-5 |
| 680 | 9.8 | CRITICAL Network | - | - | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticat… (New) | CWE-89 SQL Injection | CVE-2026-10880 | 2026-06-5 03:16 | 2026-06-5 |