|
931
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies.
When Tesla.Middleware.…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-48594
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
- |
|
-
|
-
|
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects.
Tesla.Middleware.FollowRedirects strips securit…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-48595
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-48596
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint.
Tesla.Adapter.Mint.open_conn/2 conv…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48597
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
- |
|
-
|
-
|
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values.
Tesla.Multipart.part_headers_fo…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-48598
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the ar…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10811
|
2026-06-5 00:41 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7.
|
CWE-79
Cross-site Scripting
|
CVE-2026-40108
|
2026-06-5 00:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
9.0 |
CRITICAL
Network
|
-
|
-
|
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
|
CWE-79
Cross-site Scripting
|
CVE-2026-36748
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the …
|
CWE-862
Missing Authorization
|
CVE-2026-42317
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI.…
|
CWE-862
Missing Authorization
|
CVE-2026-42318
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
