|
1601
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in …
|
CWE-79
Cross-site Scripting
|
CVE-2026-32856
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1602
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HT…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25557
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1603
|
6.1 |
MEDIUM
Network
|
-
|
-
|
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-34416
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1604
|
6.1 |
MEDIUM
Network
|
-
|
-
|
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embeddi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25860
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1605
|
6.1 |
MEDIUM
Network
|
-
|
-
|
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through th…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34417
|
2026-06-11 04:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1606
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2026-42978
|
2026-06-11 04:38 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1607
|
7.0 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-42984
|
2026-06-11 04:37 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1608
|
7.5 |
HIGH
Network
|
apache
f5
debian
|
http_server
nginx
debian_linux
|
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 …
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-49975
|
2026-06-11 04:36 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1609
|
7.3 |
HIGH
Network
|
apache
|
http_server
|
Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted.
This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.
|
CWE-416
Use After Free
|
CVE-2026-48913
|
2026-06-11 04:31 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1610
|
8.8 |
HIGH
Network
|
hcltech
|
digital_experience
digital_experience_compose
|
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the…
|
CWE-78
OS Command
|
CVE-2026-21837
|
2026-06-11 04:25 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
