|
1001
|
4.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6873
|
2026-06-5 21:58 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1002
|
3.1 |
LOW
Network
|
djangoproject
|
django
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-7666
|
2026-06-5 21:46 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1003
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-8404
|
2026-06-5 21:38 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1004
|
7.2 |
HIGH
Network
|
-
|
-
|
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25737
|
2026-06-5 21:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1005
|
7.2 |
HIGH
Network
|
-
|
-
|
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25731
|
2026-06-5 21:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1006
|
5.3 |
MEDIUM
Network
|
exim
|
exim
|
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
|
CWE-839
Numeric Range Comparison Without Minimum Check
|
CVE-2026-48840
|
2026-06-5 20:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1007
|
8.6 |
HIGH
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ibmveth: Disable GSO for packets with small MSS
Some physical adapters on Power systems do not support segmentation
offload when …
|
-
|
CVE-2026-46273
|
2026-06-5 16:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1008
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: do WoW offloads only on primary link
In case of multi-link connection, WCN7850 firmware crashes due to WoW
offloads…
|
-
|
CVE-2026-46271
|
2026-06-5 16:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1009
|
8.4 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
power: supply: rt9455: Fix use-after-free in power_supply_changed()
Using the `devm_` variant for requesting IRQ _before_ the `de…
|
-
|
CVE-2026-46270
|
2026-06-5 16:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1010
|
9.1 |
CRITICAL
Network
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
Yizhou Zhao reported that simply having one RAW socket on protocol
IP…
|
-
|
CVE-2026-46266
|
2026-06-5 16:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
