|
2111
|
- |
|
-
|
-
|
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access t…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-40605
|
2026-06-5 01:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2112
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive u…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-36178
|
2026-06-5 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2113
|
6.5 |
MEDIUM
Network
|
-
|
-
|
(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the sa…
|
-
|
CVE-2026-27145
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2114
|
7.5 |
HIGH
Network
|
-
|
-
|
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-42504
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2115
|
5.3 |
MEDIUM
Network
|
-
|
-
|
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or log…
|
-
|
CVE-2026-42507
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2116
|
7.5 |
HIGH
Network
|
-
|
-
|
ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform m…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-50031
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2117
|
- |
|
-
|
-
|
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync
attack (request smuggling), which in turn can be…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-50052
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2118
|
- |
|
-
|
-
|
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocat…
|
CWE-367
CWE-770
Time-of-check Time-of-use (TOCTOU) Race Condition
Allocation of Resources Without Limits or Throttling
|
CVE-2026-35202
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2119
|
5.3 |
MEDIUM
Network
|
-
|
-
|
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authen…
|
CWE-287
Improper Authentication
|
CVE-2026-45289
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2120
|
4.9 |
MEDIUM
Network
|
-
|
-
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP cli…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-41412
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
