|
1471
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. Th…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-54325
|
2026-06-26 01:14 |
2026-06-24 |
|
1472
|
6.2 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, whic…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9073
|
2026-06-26 01:14 |
2026-06-24 |
|
1473
|
- |
|
-
|
-
|
Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless upda…
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-5818
|
2026-06-26 01:14 |
2026-06-24 |
|
1474
|
- |
|
-
|
-
|
Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardwar…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-6458
|
2026-06-26 01:14 |
2026-06-24 |
|
1475
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal serv…
|
CWE-184, CWE-918
Incomplete Blacklist; Server-Side Request Forgery (SSRF)
|
CVE-2026-53944
|
2026-06-26 01:07 |
2026-06-25 |
|
1476
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-53948
|
2026-06-26 01:07 |
2026-06-25 |
|
1477
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private…
|
CWE-200, CWE-693
Information Exposure; Protection Mechanism Failure
|
CVE-2026-53949
|
2026-06-26 01:07 |
2026-06-25 |
|
1478
|
7.5 |
HIGH
Network
|
-
|
-
|
@tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised Activ…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53950
|
2026-06-26 01:07 |
2026-06-25 |
|
1479
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Jellyfin is an open source self-hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary JavaScript in the context o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-49220
|
2026-06-26 01:06 |
2026-06-25 |
|
1480
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticate…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-53943
|
2026-06-26 01:06 |
2026-06-25 |