| 251 | 3.6 | LOW | Local | - | - | Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cor… | New | CWE-89 | SQL Injection | CVE-2026-13746 | 2026-06-30 02:16 | 2026-06-30 |
| 252 | 8.3 | HIGH | Network | - | - | Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manife… | New | CWE-89 | SQL Injection | CVE-2026-13744 | 2026-06-30 02:16 | 2026-06-30 |
| 253 | 6.5 | MEDIUM | Network | - | - | Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, poten… | New | CWE-201 | Insertion of Sensitive Information Into Sent Data | CVE-2026-13437 | 2026-06-30 02:16 | 2026-06-30 |
| 254 | - | | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | New | - | | CVE-2026-12672 | 2026-06-30 02:16 | 2026-06-30 |
| 255 | 10.0 | CRITICAL | Network | kidocode | crawl4ai | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes st… | New | CWE-94, CWE-913 | Code Injection; Improper Control of Dynamically-Managed Code Resources | CVE-2026-53753 | 2026-06-30 01:57 | 2026-06-24 |
| 256 | 7.5 | HIGH | Network | kidocode | crawl4ai | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used… | New | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-53754 | 2026-06-30 01:53 | 2026-06-24 |
| 257 | 7.5 | HIGH | Network | kidocode | crawl4ai | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unau… | New | CWE-918 | Server-Side Request Forgery (SSRF) | CVE-2026-53755 | 2026-06-30 01:50 | 2026-06-24 |
| 258 | 4.4 | MEDIUM | Local | fortra | file_integrity_monitoring | Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command whil… | New | CWE-266 | Incorrect Privilege Assignment | CVE-2026-12164 | 2026-06-30 01:21 | 2026-06-24 |
| 259 | 6.5 | MEDIUM | Adjacent | tp-link | tapo_c200_firmware | A denial-of-service (DoS) vulnerability has been identified in Tapo C200 v3 in the network packet handling logic due to improper handling of IPv4 fragmented packets. An unauthenticated adjacent atta… | New | CWE-770 | Allocation of Resources Without Limits or Throttling | CVE-2026-12760 | 2026-06-30 01:17 | 2026-06-25 |
| 260 | 6.5 | MEDIUM | Network | - | - | Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining… | New | CWE-191 | Integer Underflow (Wrap or Wraparound) | CVE-2026-58058 | 2026-06-30 01:16 | 2026-06-28 |