|
1521
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion.
This issue affects Wa…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-39553
|
2026-06-2 23:43 |
2026-06-2 |
|
|
|
|
1522
|
8.1 |
HIGH
Network
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
This issue affects Askka: from n/a through 1.3.1.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39555
|
2026-06-2 23:43 |
2026-06-2 |
|
|
|
|
1523
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Elementor Website Builder: from…
|
CWE-862
Missing Authorization
|
CVE-2026-49782
|
2026-06-2 23:43 |
2026-06-2 |
|
|
|
|
1524
|
8.8 |
HIGH
Network
|
openstack
|
keystone
|
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary …
|
CWE-863
Incorrect Authorization
|
CVE-2026-42999
|
2026-06-2 23:41 |
2026-05-29 |
|
|
|
|
1525
|
8.1 |
HIGH
Network
|
-
|
-
|
AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticate…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-49121
|
2026-06-2 23:40 |
2026-06-2 |
|
|
|
|
1526
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection…
|
CWE-538
File and Directory Information Exposure
|
CVE-2019-25717
|
2026-06-2 23:40 |
2026-06-2 |
|
|
|
|
1527
|
8.8 |
HIGH
Network
|
openstack
|
keystone
|
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to ad…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43000
|
2026-06-2 23:38 |
2026-05-29 |
|
|
|
|
1528
|
4.9 |
MEDIUM
Network
|
mattermost
|
legal_hold
|
Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federat…
|
CWE-22
Path Traversal
|
CVE-2026-6957
|
2026-06-2 23:29 |
2026-05-28 |
|
|
|
|
1529
|
8.1 |
HIGH
Network
|
erlang
|
erlang/otp
|
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verific…
|
CWE-295, CWE-297
Improper Certificate Validation; Improper Validation of Certificate with Host Mismatch
|
CVE-2026-42790
|
2026-06-2 23:24 |
2026-05-28 |
|
|
|
|
1530
|
8.1 |
HIGH
Network
|
openstack
|
keystone
|
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federate…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44394
|
2026-06-2 23:21 |
2026-05-29 |
|
|
|