| 561 | 7.3 | HIGH Network | pnpm | pnpm | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted from .patch files. An attacker who … | CWE-22 Path Traversal | CVE-2026-50015 | 2026-06-30 06:15 | 2026-06-26 |
| 562 | 7.3 | HIGH Network | pnpm | pnpm | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git depend… | CWE-88 Argument Injection | CVE-2026-50014 | 2026-06-30 06:14 | 2026-06-26 |
| 563 | 7.5 | HIGH Network | pnpm | pnpm | pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile do… | CWE-353 Missing Support for Integrity Check | CVE-2026-48995 | 2026-06-30 05:30 | 2026-06-26 |
| 564 | 4.3 | MEDIUM Network | revive-adserver | revive_adserver | A bypass for CVE-2026-34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns and trackers through the `tracker-campaigns.php` script in … | CWE-284 Improper Access Control | CVE-2026-50739 | 2026-06-30 05:22 | 2026-06-26 |
| 565 | 5.4 | MEDIUM Network | revive-adserver | revive_adserver | A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low-privileged user could exploit the refresh parameter of the iFrame … | CWE-79 Cross-site Scripting | CVE-2026-50740 | 2026-06-30 05:22 | 2026-06-26 |
| 566 | 8.8 | HIGH Network | revive-adserver | revive_adserver | Bypass to the fix for CVE-2026-34916. Variants of such vectors have also been reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin ident… | CWE-94 Code Injection | CVE-2026-50741 | 2026-06-30 05:21 | 2026-06-26 |
| 567 | 5.4 | MEDIUM Network | revive-adserver | revive_adserver | Stored XSS vulnerabilities exist in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without… | CWE-79 Cross-site Scripting | CVE-2026-50742 | 2026-06-30 05:20 | 2026-06-26 |
| 568 | 4.3 | MEDIUM Network | revive-adserver | revive_adserver | A bypass to the admin-only restriction of the XML-RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method … | CWE-284 Improper Access Control | CVE-2026-50744 | 2026-06-30 05:19 | 2026-06-26 |
| 569 | 7.2 | HIGH Network | - | - | The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and including, 4.5.18. When the plugin's `… | CWE-79 Cross-site Scripting | CVE-2026-9643 | 2026-06-30 05:17 | 2026-06-24 |
| 570 | 4.3 | MEDIUM Network | - | - | The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24_block_enqueue_scripts() function… | CWE-200 Information Exposure | CVE-2026-9183 | 2026-06-30 05:17 | 2026-06-24 |