|
121
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and rela…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-50010
|
2026-06-13 01:18 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
- |
|
-
|
-
|
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack si…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-50560
|
2026-06-13 01:18 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.…
New
|
CWE-200
Information Exposure
|
CVE-2026-44206
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This iss…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44207
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This i…
New
|
CWE-284
CWE-285
Improper Access Control
Improper Authorization
|
CVE-2026-44208
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has been patched in versi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-44975
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched in version 16.17.4.
New
|
CWE-284
Improper Access Control
|
CVE-2026-47182
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been …
New
|
CWE-862
Missing Authorization
|
CVE-2026-50026
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53568
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force.
This issue affects Related Marketing Cloud…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-5792
|
2026-06-13 01:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
