|
31
|
4.4 |
MEDIUM
Local
|
-
|
-
|
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs b…
New
|
CWE-22
Path Traversal
|
CVE-2026-57966
|
2026-06-30 03:51 |
2026-06-29 |
|
|
|
|
32
|
7.1 |
HIGH
Local
|
-
|
-
|
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenU…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-13601
|
2026-06-30 03:51 |
2026-06-29 |
|
|
|
|
33
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicio…
New
|
CWE-88
Argument Injection
|
CVE-2026-12856
|
2026-06-30 03:51 |
2026-06-29 |
|
|
|
|
34
|
4.3 |
MEDIUM
Network
|
-
|
-
|
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-56457
|
2026-06-30 03:51 |
2026-06-29 |
|
|
|
|
35
|
7.5 |
HIGH
Network
|
-
|
-
|
The Helix3 plugin for Joomla exposes an AJAX handler task that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters.
New
|
CWE-284
Improper Access Control
|
CVE-2026-49049
|
2026-06-30 03:51 |
2026-06-30 |
|
|
|
|
36
|
- |
|
-
|
-
|
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, …
New
|
CWE-22, CWE-59, CWE-78
Path Traversal, Link Following, OS Command
|
CVE-2026-55607
|
2026-06-30 03:51 |
2026-06-30 |
|
|
|
|
37
|
- |
|
-
|
-
|
Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (/tmp/claude/response.md) without UID isolation, rand…
New
|
CWE-59, CWE-200, CWE-377
Link Following, Information Exposure, Insecure Temporary File
|
CVE-2026-46406
|
2026-06-30 03:51 |
2026-06-30 |
|
|
|
|
38
|
- |
|
-
|
-
|
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
New
|
CWE-284
Improper Access Control
|
CVE-2026-56290
|
2026-06-30 03:51 |
2026-06-30 |
|
|
|
|
39
|
7.3 |
HIGH
Local
|
-
|
-
|
A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images …
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-12912
|
2026-06-30 03:51 |
2026-06-30 |
|
|
|
|
40
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior do not call session_regenerate_id() after login, leading to Session Fixation. session_regenerate_id() is…
New
|
CWE-384
Session Fixation
|
CVE-2026-40082
|
2026-06-30 03:50 |
2026-06-26 |
|
|
|