|
2481
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
|
CWE-290
CWE-306
CWE-346
CWE-807
Authentication Bypass by Spoofing
Missing Authentication for Critical Function
Origin Validation Error
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-44649
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2482
|
8.8 |
HIGH
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-44420
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2483
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This man…
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2026-10114
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2484
|
8.3 |
HIGH
Network
|
-
|
-
|
agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values t…
|
CWE-89
SQL Injection
|
CVE-2026-10105
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2485
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be la…
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-10069
|
2026-06-2 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2486
|
9.9 |
CRITICAL
Network
|
-
|
-
|
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated u…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-45312
|
2026-06-2 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2487
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create se…
|
CWE-269
CWE-284
Improper Privilege Management
Improper Access Control
|
CVE-2026-45043
|
2026-06-2 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2488
|
8.8 |
HIGH
Network
|
tauri
|
tauri
|
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42184
|
2026-06-2 09:52 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2489
|
8.8 |
HIGH
Network
|
dalibo
|
anonymizer
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
|
CWE-89
SQL Injection
|
CVE-2026-9617
|
2026-06-2 09:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2490
|
6.8 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
|
CWE-384
Session Fixation
|
CVE-2026-48545
|
2026-06-2 09:34 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
