| 1641 | 5.3 | MEDIUM Network | - | - | opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract() in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. … | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-54285 | 2026-06-24 01:17 | 2026-06-23 |
| 1642 | - | | - | - | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. If using… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-54277 | 2026-06-24 01:17 | 2026-06-23 |
| 1643 | 3.7 | LOW Network | - | - | Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATW… | CWE-436 Interpretation Conflict, CWE-444 HTTP Request Smuggling | CVE-2026-53538 | 2026-06-24 01:17 | 2026-06-23 |
| 1644 | - | | - | - | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim aft… | CWE-77 Command Injection, CWE-93 CRLF Injection | CVE-2026-47240 | 2026-06-24 01:16 | 2026-06-23 |
| 1645 | - | | - | - | PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parse_url($filename,… | CWE-502 Deserialization of Untrusted Data | CVE-2026-45034 | 2026-06-24 01:16 | 2026-06-23 |
| 1646 | 6.1 | MEDIUM Network | - | - | WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect ta… | CWE-601 Open Redirect | CVE-2026-44889 | 2026-06-24 01:16 | 2026-06-23 |
| 1647 | 8.1 | HIGH Network | - | - | NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcod… | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2026-35019 | 2026-06-24 01:16 | 2026-06-24 |
| 1648 | - | | - | - | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administr… | CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-28496 | 2026-06-24 01:16 | 2026-06-24 |
| 1649 | - | | - | - | FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated … | CWE-200 Information Exposure, CWE-306 Missing Authentication for Critical Function, CWE-862 Missing Authorization, CWE-863 Incorrect Authorization | CVE-2026-27604 | 2026-06-24 01:16 | 2026-06-24 |
| 1650 | 5.3 | MEDIUM Network | - | - | An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 … | CWE-125 Out-of-bounds Read | CVE-2026-12969 | 2026-06-24 01:16 | 2026-06-23 |