2231 | 8.2 | HIGH Network | - | - | Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari param… | CWE-89 SQL Injection | CVE-2017-20253 | 2026-06-24 03:17 | 2026-06-20
2232 | 5.5 | MEDIUM Local | - | - | NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check… | CWE-602 Client-Side Enforcement of Server-Side Security | CVE-2026-56693 | 2026-06-24 02:58 | 2026-06-24
2233 | 5.4 | MEDIUM Network | - | - | OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r… | CWE-862 Missing Authorization | CVE-2026-56696 | 2026-06-24 02:58 | 2026-06-24
2234 | 6.1 | MEDIUM Network | flowiseai | flowise | Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScrip… | CWE-80 Basic XSS | CVE-2025-71331 | 2026-06-24 02:53 | 2026-06-21
2235 | 8.2 | HIGH Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, a vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4… | CWE-20 Improper Input Validation | CVE-2026-48109 | 2026-06-24 02:25 | 2026-06-23
2236 | 7.5 | HIGH Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension len… | CWE-125 Out-of-bounds Read; CWE-190 Integer Overflow or Wraparound; CWE-407 Inefficient Algorithmic Complexity; CWE-409 Improper Handling of Highly Compressed Data (Data Amplification); CWE-470 Unsafe Reflection; CWE-502 Deserialization of Untrusted Data; CWE-674 Uncontrolled Recursion; CWE-789 Memory Allocation with Excessive Size Value; CWE-1188 Insecure Default Initialization of Resource | CVE-2026-48502 | 2026-06-24 02:25 | 2026-06-23
2237 | 7.5 | HIGH Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth o… | CWE-674 Uncontrolled Recursion | CVE-2026-48506 | 2026-06-24 02:24 | 2026-06-23
2238 | 8.1 | HIGH Network | - | - | piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through… | CWE-94 Code Injection; CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-55388 | 2026-06-24 02:17 | 2026-06-23
2239 | 6.1 | MEDIUM Network | astro | astro | Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolate… | CWE-79 Cross-site Scripting | CVE-2026-54298 | 2026-06-24 02:17 | 2026-06-23
2240 | - | | - | - | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This… | CWE-200 Information Exposure; CWE-522 Insufficiently Protected Credentials | CVE-2026-54276 | 2026-06-24 02:17 | 2026-06-23