|
1491
|
7.5 |
HIGH
Network
|
-
|
-
|
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to…
|
CWE-22
Path Traversal
|
CVE-2026-49136
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1492
|
8.2 |
HIGH
Network
|
-
|
-
|
Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categor…
|
CWE-89
SQL Injection
|
CVE-2018-25433
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1493
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-3870
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1494
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-3871
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1495
|
- |
|
-
|
-
|
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th…
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-10549
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1496
|
8.8 |
HIGH
Network
|
-
|
-
|
microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a cra…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43623
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1497
|
8.2 |
HIGH
Network
|
-
|
-
|
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli…
|
CWE-22
Path Traversal
|
CVE-2026-43624
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1498
|
5.9 |
MEDIUM
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-43625
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1499
|
7.1 |
HIGH
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora…
|
CWE-377
Insecure Temporary File
|
CVE-2026-49134
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1500
|
7.1 |
HIGH
Local
|
-
|
-
|
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl…
|
CWE-59
CWE-377
Link Following
Insecure Temporary File
|
CVE-2026-49135
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
