| 1731 | 7.5 | HIGH | Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocat… | CWE-770 | Allocation of Resources Without Limits or Throttling | CVE-2026-48515 | 2026-06-26 02:16 | 2026-06-23 |
| 1732 | 8.6 | HIGH | Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? returns … | CWE-184, CWE-200, CWE-918 | Incomplete Blacklist, Information Exposure, Server-Side Request Forgery (SSRF) | CVE-2026-47389 | 2026-06-26 02:16 | 2026-06-25 |
| 1733 | 7.5 | HIGH | Network | - | - | The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and… | CWE-89 | SQL Injection | CVE-2026-12937 | 2026-06-26 02:16 | 2026-06-25 |
| 1734 | 3.7 | LOW | Network | openbsd, redhat | openssh, hardened_images, enterprise_linux | A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing… | CWE-125 | Out-of-bounds Read | CVE-2026-55654 | 2026-06-26 01:59 | 2026-06-23 |
| 1735 | 6.5 | MEDIUM | Network | openbsd, redhat | openssh, hardened_images, openshift_container_platform, enterprise_linux | A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Pro… | CWE-415 | Double Free | CVE-2026-55653 | 2026-06-26 01:57 | 2026-06-23 |
| 1736 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs… | CWE-79 | Cross-site Scripting | CVE-2026-56698 | 2026-06-26 01:56 | 2026-06-23 |
| 1737 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-ori… | CWE-601 | Open Redirect | CVE-2026-56697 | 2026-06-26 01:55 | 2026-06-23 |
| 1738 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and … | CWE-601 | Open Redirect | CVE-2026-56326 | 2026-06-26 01:51 | 2026-06-23 |
| 1739 | 3.3 | LOW | Local | pypdf_project | pypdf | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which … | CWE-407 | Inefficient Algorithmic Complexity | CVE-2026-49460 | 2026-06-26 01:51 | 2026-06-23 |
| 1740 | 7.7 | HIGH | Network | flowiseai | flowise | Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns… | CWE-863 | Incorrect Authorization | CVE-2026-56268 | 2026-06-26 01:50 | 2026-06-23 |