|
271
|
7.1 |
HIGH
Network
|
-
|
-
|
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-54198
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server.
This issue affects Kids Online Store: from n/a through 0.…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40750
|
2026-06-16 23:52 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
9.6 |
CRITICAL
Adjacent
|
kubev2v
|
assisted_migration_agent
|
A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed g…
Update
|
CWE-59
CWE-22
Link Following
Path Traversal
|
CVE-2026-53476
|
2026-06-16 23:52 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
7.4 |
HIGH
Network
|
kubev2v
|
assisted_migration_agent
|
A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Mid…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2026-53475
|
2026-06-16 23:41 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
6.5 |
MEDIUM
Network
|
kebev2v
|
migration_assessment
|
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malici…
Update
|
CWE-89
SQL Injection
|
CVE-2026-53474
|
2026-06-16 23:37 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
5.4 |
MEDIUM
Network
|
kubev2v
|
migration_planner_ui
|
A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user click…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-53473
|
2026-06-16 23:29 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
8.1 |
HIGH
Network
|
tp-link
|
tapo_c110_firmware
|
An
authenticated format string vulnerability exists in the ONVIF service of Tapo
C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as
a format stri…
Update
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6250
|
2026-06-16 23:19 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
6.1 |
MEDIUM
Network
|
diagrams
|
drawio
|
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-46642
|
2026-06-16 22:54 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
8.5 |
HIGH
Network
|
litespeedtech
|
litespeed_cpanel_plugin
litespeed_whm_plugin
|
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running Clo…
New
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-54420
|
2026-06-16 21:55 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
6.5 |
MEDIUM
Network
|
cisco
|
catalyst_sd-wan_manager
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an a…
New
|
CWE-22
Path Traversal
|
CVE-2026-20262
|
2026-06-16 21:54 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
