|
11
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-8879
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
6.5 |
MEDIUM
Network
|
libxls_project
|
libxls
|
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-26824
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
5.3 |
MEDIUM
Network
|
libxls_project
|
libxls
|
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origi…
New
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-26825
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
7.7 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-46447
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
4.9 |
MEDIUM
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-44917
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
8.1 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-48681
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
5.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation.…
New
|
CWE-416
Use After Free
|
CVE-2026-50219
|
2026-06-5 03:39 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
7.5 |
HIGH
Network
|
solarwinds
|
web_help_desk
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-28299
|
2026-06-5 03:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-52606
|
2026-06-5 03:38 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path…
New
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2025-52608
|
2026-06-5 03:38 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
