| 61 | - | | - | - | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network range… | New | CWE-674 (Uncontrolled Recursion), CWE-1287 (Improper Validation of Specified Type of Input) | CVE-2026-49941 | 2026-06-5 02:16 | 2026-06-5 |
| 62 | 5.3 | MEDIUM Network | - | - | Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an application-level DoS due to a lack of cycle detecti… | New | CWE-400 (Uncontrolled Resource Consumption), CWE-674 (Uncontrolled Recursion) | CVE-2026-47706 | 2026-06-5 02:16 | 2026-06-5 |
| 63 | - | | - | - | Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj… | New | CWE-93 (CRLF Injection) | CVE-2026-46741 | 2026-06-5 02:16 | 2026-06-5 |
| 64 | - | | - | - | Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st… | New | CWE-93 (CRLF Injection) | CVE-2026-46739 | 2026-06-5 02:16 | 2026-06-5 |
| 65 | 5.3 | MEDIUM Network | - | - | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log … | New | CWE-789 (Memory Allocation with Excessive Size Value) | CVE-2026-41178 | 2026-06-5 02:16 | 2026-06-5 |
| 66 | 7.1 | HIGH Physical | - | - | GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active toke… | New | CWE-312 (Cleartext Storage of Sensitive Information) | CVE-2026-36176 | 2026-06-5 02:16 | 2026-06-5 |
| 67 | 6.8 | MEDIUM Physical | - | - | An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted str… | New | CWE-20 (Improper Input Validation), CWE-288 (Authentication Bypass Using an Alternate Path or Channel) | CVE-2026-36175 | 2026-06-5 02:16 | 2026-06-5 |
| 68 | 9.1 | CRITICAL Network | ibm | websphere_application_server | IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to identity spoofing. | New | CWE-290 (Authentication Bypass by Spoofing) | CVE-2026-8644 | 2026-06-5 01:58 | 2026-06-2 |
| 69 | 9.0 | CRITICAL Network | ibm | websphere_application_server | IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | New | CWE-502 (Deserialization of Untrusted Data) | CVE-2026-9319 | 2026-06-5 01:57 | 2026-06-2 |
| 70 | 9.0 | CRITICAL Network | ibm | websphere_application_server | IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to remote code execution caused by the bypass of security controls. | New | CWE-94 (Code Injection) | CVE-2026-9311 | 2026-06-5 01:53 | 2026-06-2 |