| 601 | 6.3 | MEDIUM | Network | - | - | A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument… | New | CWE-74 CWE-89 | Injection SQL Injection | CVE-2026-10875 | 2026-06-5 22:26 | 2026-06-5 |
| 602 | 7.2 | HIGH | Network | - | - | The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `sa… | New | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-10586 | 2026-06-5 22:26 | 2026-06-5 |
| 603 | 6.3 | MEDIUM | Network | - | - | A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper… | New | CWE-266 CWE-285 | Incorrect Privilege Assignment Improper Authorization | CVE-2026-10876 | 2026-06-5 22:26 | 2026-06-5 |
| 604 | 7.3 | HIGH | Network | - | - | A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login… | New | CWE-74 CWE-89 | Injection SQL Injection | CVE-2026-10877 | 2026-06-5 22:26 | 2026-06-5 |
| 605 | 6.1 | MEDIUM | Network | citeum | opencti | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable bo… | New | CWE-79 | Cross-site Scripting | CVE-2026-35212 | 2026-06-5 22:07 | 2026-06-3 |
| 606 | 3.1 | LOW | Network | djangoproject | django | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ… | New | CWE-524 | Use of Cache Containing Sensitive Information | CVE-2026-35193 | 2026-06-5 22:03 | 2026-06-3 |
| 607 | 5.3 | MEDIUM | Network | djangoproject | django | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va… | New | CWE-1023 | Incomplete Comparison with Missing Factors | CVE-2026-48587 | 2026-06-5 22:03 | 2026-06-3 |
| 608 | 4.3 | MEDIUM | Network | djangoproject | django | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and… | New | CWE-347 | Improper Verification of Cryptographic Signature | CVE-2026-6873 | 2026-06-5 21:58 | 2026-06-3 |
| 609 | 3.1 | LOW | Network | djangoproject | django | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a … | New | CWE-319 | Cleartext Transmission of Sensitive Information | CVE-2026-7666 | 2026-06-5 21:46 | 2026-06-3 |
| 610 | 5.3 | MEDIUM | Network | djangoproject | django | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive… | New | CWE-178 | Improper Handling of Case Sensitivity | CVE-2026-8404 | 2026-06-5 21:38 | 2026-06-3 |