|
1631
|
7.8 |
HIGH
Local
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible pa…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-46607
|
2026-06-26 04:58 |
2026-06-26 |
|
1632
|
7.5 |
HIGH
Network
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from…
|
CWE-22, CWE-59
Path Traversal, Link Following
|
CVE-2026-54094
|
2026-06-26 04:58 |
2026-06-26 |
|
1633
|
7.8 |
HIGH
Local
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command ch…
|
CWE-22
Path Traversal
|
CVE-2026-53925
|
2026-06-26 04:58 |
2026-06-26 |
|
1634
|
- |
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Brows…
|
CWE-78, CWE-88, CWE-306
OS Command, Argument Injection, Missing Authentication for Critical Function
|
CVE-2026-54088
|
2026-06-26 04:58 |
2026-06-26 |
|
1635
|
9.1 |
CRITICAL
Network
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with …
|
CWE-287, CWE-290
Improper Authentication, Authentication Bypass by Spoofing
|
CVE-2026-54089
|
2026-06-26 04:58 |
2026-06-26 |
|
1636
|
- |
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / down…
|
CWE-22
Path Traversal
|
CVE-2026-54093
|
2026-06-26 04:58 |
2026-06-26 |
|
1637
|
8.4 |
HIGH
Local
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, `POST /api/share/<path>` accepts an authentic…
|
CWE-863
Incorrect Authorization
|
CVE-2026-54096
|
2026-06-26 04:58 |
2026-06-26 |
|
1638
|
- |
|
-
|
-
|
Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Can…
|
CWE-79
Cross-site Scripting
|
CVE-2026-13140
|
2026-06-26 04:52 |
2026-06-24 |
|
1639
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain …
|
CWE-287
Improper Authentication
|
CVE-2026-34917
|
2026-06-26 04:52 |
2026-06-24 |
|
1640
|
0.0 |
NONE
Network
|
-
|
-
|
Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table.…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44956
|
2026-06-26 04:52 |
2026-06-24 |