| 1161 | 7.5 | HIGH, Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase t… | CWE-863 (Incorrect Authorization) | CVE-2026-54091 | 2026-06-27 04:16 | 2026-06-26 |
| 1162 | 7.1 | HIGH, Network | - | - | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engin… | CWE-79 (Cross-site Scripting), CWE-184 (Incomplete Blacklist) | CVE-2026-54070 | 2026-06-27 04:16 | 2026-06-25 |
| 1163 | 5.5 | MEDIUM, Network | snipeitapp | snipe-it | Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except … | CWE-863 (Incorrect Authorization) | CVE-2026-48493 | 2026-06-27 04:16 | 2026-06-24 |
| 1164 | - | | - | - | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case… | CWE-200 (Information Exposure), CWE-522 (Insufficiently Protected Credentials) | CVE-2026-50017 | 2026-06-27 04:16 | 2026-06-26 |
| 1165 | - | | - | - | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or … | CWE-613 (Insufficient Session Expiration) | CVE-2026-49277 | 2026-06-27 04:16 | 2026-06-25 |
| 1166 | 7.4 | HIGH, Network | - | - | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation fo… | CWE-183 (Permissive List of Allowed Inputs), CWE-942 (Permissive Cross-domain Policy with Untrusted Domains) | CVE-2026-46608 | 2026-06-27 04:16 | 2026-06-26 |
| 1167 | 8.5 | HIGH, Network | - | - | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method pas… | CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) | CVE-2026-45687 | 2026-06-27 04:16 | 2026-06-25 |
| 1168 | 8.8 | HIGH, Network | cacti | cacti | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue ha… | CWE-89 (SQL Injection) | CVE-2026-39951 | 2026-06-27 04:16 | 2026-06-25 |
| 1169 | 7.8 | HIGH, Local | dell | wyse_management_suite | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially explo… | CWE-59 (Link Following) | CVE-2026-44274 | 2026-06-27 04:15 | 2026-06-23 |
| 1170 | 8.8 | HIGH, Network | dell | wyse_management_suite | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker … | CWE-89 (SQL Injection) | CVE-2026-44271 | 2026-06-27 04:14 | 2026-06-23 |