| 2311 | 7.5 | HIGH Network | dalibo | postgresql_anonymizer | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuse… | CWE-89 SQL Injection | CVE-2026-11945 | 2026-06-17 00:16 | 2026-06-12 |
| 2312 | 4.3 | MEDIUM Network | - | - | Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unr… | CWE-345 CWE-384 Insufficient Verification of Data Authenticity Session Fixation | CVE-2026-53900 | 2026-06-17 00:16 | 2026-06-16 |
| 2313 | 9.8 | CRITICAL Network | - | - | An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | CWE-22 Path Traversal | CVE-2026-50869 | 2026-06-17 00:16 | 2026-06-16 |
| 2314 | 4.8 | MEDIUM Network | apache | cxf | An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the security context check, the introspection endpoint (/servi… | CWE-287 NVD-CWE-noinfo Improper Authentication | CVE-2026-50623 | 2026-06-17 00:16 | 2026-06-12 |
| 2315 | 9.8 | CRITICAL Network | - | - | Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks… | CWE-862 Missing Authorization | CVE-2026-38329 | 2026-06-17 00:16 | 2026-06-16 |
| 2316 | 9.1 | CRITICAL Network | - | - | remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability. | CWE-123 Write-what-where Condition | CVE-2026-30121 | 2026-06-17 00:16 | 2026-06-16 |
| 2317 | 9.8 | CRITICAL Network | - | - | remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. | CWE-94 Code Injection | CVE-2026-30120 | 2026-06-17 00:16 | 2026-06-16 |
| 2318 | 9.8 | CRITICAL Network | splunk | splunk | In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulne… | CWE-306 Missing Authentication for Critical Function | CVE-2026-20253 | 2026-06-17 00:16 | 2026-06-11 |
| 2319 | 8.8 | HIGH Network | trychroma | chromadb | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collecti… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-45830 | 2026-06-17 00:07 | 2026-06-13 |
| 2320 | 8.8 | HIGH Network | trychroma | chromadb | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, d… | CWE-863 Incorrect Authorization | CVE-2026-45831 | 2026-06-17 00:07 | 2026-06-13 |