|
1001
|
8.1 |
HIGH
Network
|
-
|
-
|
HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site v…
|
CWE-1027
|
CVE-2025-59874
|
2026-06-5 00:25 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1002
|
- |
|
-
|
-
|
An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item.
This issue affects glpi: before 11.0.7.
|
CWE-79
Cross-site Scripting
|
CVE-2026-5385
|
2026-06-5 00:23 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1003
|
- |
|
-
|
-
|
An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger unescaped rendering in the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42839
|
2026-06-5 00:23 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1004
|
- |
|
-
|
-
|
An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every ope…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42840
|
2026-06-5 00:23 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1005
|
- |
|
-
|
-
|
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-8936
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1006
|
5.3 |
MEDIUM
Network
|
-
|
-
|
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote a…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44545
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1007
|
3.7 |
LOW
Network
|
-
|
-
|
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or …
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-44546
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1008
|
- |
|
-
|
-
|
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj…
|
CWE-93
CRLF Injection
|
CVE-2026-8722
|
2026-06-5 00:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1009
|
7.5 |
HIGH
Network
|
-
|
-
|
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.
The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu…
|
CWE-416
Use After Free
|
CVE-2026-8829
|
2026-06-5 00:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1010
|
7.5 |
HIGH
Network
|
-
|
-
|
Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial o…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-46638
|
2026-06-5 00:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
