|
971
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An at…
New
|
CWE-776
XML Entity Expansion
|
CVE-2026-12993
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
972
|
4.2 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A …
New
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-13218
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
973
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance (VMI), virt-api reads the target IP…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-13318
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
974
|
3.8 |
LOW
Local
|
-
|
-
|
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-13322
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
975
|
- |
|
-
|
-
|
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of brute-force cracking the credentials. This issue cou…
New
|
CWE-1391
Use of Weak Credentials
|
CVE-2026-57473
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
976
|
8.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-13325
|
2026-06-27 01:19 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
977
|
8.1 |
HIGH
Network
|
-
|
-
|
picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files tha…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-71340
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
978
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing f…
New
|
-
|
CVE-2025-10268
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
979
|
7.5 |
HIGH
Network
|
-
|
-
|
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attac…
New
|
-
|
CVE-2026-10823
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
980
|
7.7 |
HIGH
Network
|
-
|
-
|
The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce au…
New
|
-
|
CVE-2026-10835
|
2026-06-27 01:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
