|
2611
|
- |
|
-
|
-
|
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11943
|
2026-06-23 03:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2612
|
- |
|
-
|
-
|
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11942
|
2026-06-23 03:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2613
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2026-11825
|
2026-06-23 03:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2614
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the use…
|
CWE-352
Origin Validation Error
|
CVE-2026-11775
|
2026-06-23 03:16 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2615
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alter…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11372
|
2026-06-23 03:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2616
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capabili…
|
CWE-862
Missing Authorization
|
CVE-2026-10779
|
2026-06-23 03:16 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2617
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to im…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-54178
|
2026-06-23 03:16 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2618
|
8.1 |
HIGH
Network
|
-
|
-
|
A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker t…
|
CWE-79
Cross-site Scripting
|
CVE-2023-45796
|
2026-06-23 03:16 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2619
|
6.3 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injecti…
|
CWE-454 CWE-807
External Initialization of Trusted Variables or Data Stores Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-48980
|
2026-06-23 02:56 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2620
|
6.7 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with flags=0 when loading the configuration file, allowing l…
|
CWE-611
XXE
|
CVE-2026-48981
|
2026-06-23 02:56 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|