| 161 | - | | - | - | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an e… | New | CWE-77 Command Injection | CVE-2026-42850 | 2026-06-13 05:16 | 2026-06-13 |
| 162 | - | | - | - | Actual is a local-first personal finance tool. The `POST /openid/config` endpoint in Actual Budget's sync-server versions <= 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 … | New | CWE-863 Incorrect Authorization | CVE-2026-42604 | 2026-06-13 05:16 | 2026-06-13 |
| 163 | 7.5 | HIGH Network | - | - | form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into… | New | CWE-93 CRLF Injection | CVE-2026-12143 | 2026-06-13 05:16 | 2026-06-13 |
| 164 | 8.8 | HIGH Network | - | - | Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting clie… | New | CWE-415 Double Free | CVE-2026-12043 | 2026-06-13 05:16 | 2026-06-13 |
| 165 | - | | - | - | Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post… | New | CWE-862 Missing Authorization | CVE-2026-10715 | 2026-06-13 05:16 | 2026-06-13 |
| 166 | 7.5 | HIGH Network | qnap | qumagie | A missing authorization vulnerability has been reported to affect QuMagie. Remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We hav… | Update | CWE-359 Exposure of Private Personal Information to an Unauthorized Actor; CWE-862 Missing Authorization | CVE-2026-26237 | 2026-06-13 04:53 | 2026-06-10 |
| 167 | 5.5 | MEDIUM Network | splunk | splunk splunk_cloud_platform | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds… | Update | CWE-284 Improper Access Control; NVD-CWE-noinfo | CVE-2026-20259 | 2026-06-13 04:50 | 2026-06-11 |
| 168 | 7.5 | HIGH Network | google | chrome | Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High) | New | CWE-362 Race Condition | CVE-2026-1220 | 2026-06-13 04:47 | 2026-06-11 |
| 169 | 7.5 | HIGH Network | tdengine | tdengine | TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process b… | New | CWE-191 Integer Underflow (Wrap or Wraparound) | CVE-2026-42542 | 2026-06-13 04:40 | 2026-06-11 |
| 170 | 8.8 | HIGH Network | microsoft | exchange_server | Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-45504 | 2026-06-13 04:39 | 2026-06-10 |