|
2031
|
- |
|
-
|
-
|
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/com…
|
CWE-79
Cross-site Scripting
|
CVE-2026-54265
|
2026-06-23 03:21 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2032
|
- |
|
-
|
-
|
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side boot…
|
CWE-79
CWE-471
Cross-site Scripting
Modification of Assumed-Immutable Data (MAID)
|
CVE-2026-54267
|
2026-06-23 03:21 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2033
|
8.1 |
HIGH
Network
|
-
|
-
|
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrappe…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-49286
|
2026-06-23 03:20 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2034
|
2.3 |
LOW
Local
|
-
|
-
|
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, …
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2026-9610
|
2026-06-23 03:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2035
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_post_translation. This makes it possible for authent…
|
CWE-862
Missing Authorization
|
CVE-2026-9013
|
2026-06-23 03:16 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2036
|
5.5 |
MEDIUM
Local
|
-
|
-
|
IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys …
|
CWE-316
Cleartext Storage of Sensitive Information in Memory
|
CVE-2026-8636
|
2026-06-23 03:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2037
|
- |
|
-
|
-
|
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper en…
|
CWE-416
CWE-611
Use After Free
XXE
|
CVE-2026-6653
|
2026-06-23 03:16 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2038
|
- |
|
-
|
-
|
AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification step, such as after successfully completing the passwo…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-56450
|
2026-06-23 03:16 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2039
|
- |
|
-
|
-
|
A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers t…
|
CWE-22
Path Traversal
|
CVE-2026-56448
|
2026-06-23 03:16 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2040
|
- |
|
-
|
-
|
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope foreign keys (event_id, org_id, user_id, sharing_group_i…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-56422
|
2026-06-23 03:16 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
