| 221 | 5.9 | MEDIUM | Network | - | - | LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private … | New | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-57943 | 2026-06-30 03:16 | 2026-06-30 |
| 222 | 5.3 | MEDIUM | Network | - | - | LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unauthenticated attackers to spoof client IP addresses by… | New | CWE-348: Use of Less Trusted Source | CVE-2026-57942 | 2026-06-30 03:16 | 2026-06-30 |
| 223 | 10.0 | CRITICAL | Network | - | - | Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6. | Update | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2026-57700 | 2026-06-30 03:16 | 2026-06-26 |
| 224 | 6.5 | MEDIUM | Network | - | - | Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-o… | New | CWE-522: Insufficiently Protected Credentials | CVE-2026-56783 | 2026-06-30 03:16 | 2026-06-30 |
| 225 | 9.8 | CRITICAL | Network | - | - | Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-56782 | 2026-06-30 03:16 | 2026-06-30 |
| 226 | 5.3 | MEDIUM | Network | - | - | Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projectio… | New | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-56781 | 2026-06-30 03:16 | 2026-06-30 |
| 227 | 7.5 | HIGH | Network | - | - | Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/{pk}/password/ endpoint that allows domain administrators to change any user's password. At… | New | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-56780 | 2026-06-30 03:16 | 2026-06-30 |
| 228 | 8.6 | HIGH | Network | - | - | Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMAC key, allowing unauthenticated attackers to compute valid HMACs for arbit… | New | CWE-918: Server-Side Request Forgery (SSRF); CWE-1188: Insecure Default Initialization of Resource | CVE-2026-56285 | 2026-06-30 03:16 | 2026-06-30 |
| 229 | 7.1 | HIGH | Network | - | - | Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions. | Update | CWE-79: Cross-site Scripting | CVE-2026-56051 | 2026-06-30 03:16 | 2026-06-25 |
| 230 | 9.8 | CRITICAL | Network | - | - | Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions. | Update | CWE-266: Incorrect Privilege Assignment | CVE-2026-56028 | 2026-06-30 03:16 | 2026-06-27 |