|
2221
|
9.1 |
CRITICAL
Network
|
-
|
-
|
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-48714
|
2026-06-17 00:46 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2222
|
7.1 |
HIGH
Local
|
-
|
-
|
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolat…
|
CWE-22
Path Traversal
|
CVE-2026-3840
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2223
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting clie…
|
CWE-415
Double Free
|
CVE-2026-12043
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2224
|
7.5 |
HIGH
Network
|
-
|
-
|
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into…
|
CWE-93
CRLF Injection
|
CVE-2026-12143
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2225
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-4870
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2226
|
- |
|
-
|
-
|
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.
### S…
|
CWE-22
Path Traversal
|
CVE-2026-11769
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2227
|
- |
|
-
|
-
|
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users ha…
|
CWE-346
Origin Validation Error
|
CVE-2026-11624
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2228
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions …
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-11931
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2229
|
- |
|
-
|
-
|
Potential security vulnerabilities have been identified in the HP One
Agent for certain HP PC products, which might allow
for escalation of privilege and/or denial of service. HP
is …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-5064
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2230
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Improper host validation in the social login autofill feature in
Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to
disclose stored social login credentials via a crafted web entry
…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-12162
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
