| 431 | 6.5 | MEDIUM Network | apache | airflow | A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be by… | New | CWE-200 Information Exposure | CVE-2026-42360 | 2026-06-2 02:06 | 2026-06-1 |
| 432 | 8.1 | HIGH Network | apache | activemq activemq_broker | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes th… | New | CWE-20 Improper Input Validation, CWE-94 Code Injection | CVE-2026-42588 | 2026-06-2 02:06 | 2026-06-1 |
| 433 | 5.8 | MEDIUM Network | - | - | A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not … | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-10517 | 2026-06-2 01:57 | 2026-06-1 |
| 434 | 5.0 | MEDIUM Network | - | - | A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-10533 | 2026-06-2 01:57 | 2026-06-2 |
| 435 | 9.8 | CRITICAL Network | - | - | SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that a… | Update | CWE-798 Use of Hard-coded Credentials | CVE-2026-24444 | 2026-06-2 01:55 | 2026-05-29 |
| 436 | 7.5 | HIGH Network | - | - | Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attack… | New | CWE-36 Absolute Path Traversal | CVE-2026-10044 | 2026-06-2 01:55 | 2026-05-29 |
| 437 | 7.5 | HIGH Network | - | - | Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attac… | New | CWE-256 Plaintext Storage of a Password | CVE-2018-25396 | 2026-06-2 01:55 | 2026-05-30 |
| 438 | 6.5 | MEDIUM Network | - | - | Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules… | New | CWE-22 Path Traversal | CVE-2018-25421 | 2026-06-2 01:55 | 2026-05-31 |
| 439 | 8.2 | HIGH Network | - | - | MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attacke… | New | CWE-89 SQL Injection | CVE-2018-25422 | 2026-06-2 01:55 | 2026-05-31 |
| 440 | 6.2 | MEDIUM Local | - | - | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte… | New | CWE-120 Classic Buffer Overflow | CVE-2018-25423 | 2026-06-2 01:55 | 2026-05-31 |