|
1741
|
- |
|
-
|
-
|
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attack…
|
CWE-77
Command Injection
|
CVE-2024-52011
|
2026-06-2 23:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1742
|
- |
|
-
|
-
|
CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path componen…
|
CWE-22
Path Traversal
|
CVE-2026-45727
|
2026-06-2 23:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1743
|
8.1 |
HIGH
Network
|
-
|
-
|
Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the …
|
CWE-88
Argument Injection
|
CVE-2026-41013
|
2026-06-2 23:01 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1744
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulner…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43958
|
2026-06-2 23:01 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1745
|
7.5 |
HIGH
Network
|
-
|
-
|
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and pl…
|
CWE-287
Improper Authentication
|
CVE-2026-40964
|
2026-06-2 23:01 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1746
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed thr…
|
CWE-200
Information Exposure
|
CVE-2026-40965
|
2026-06-2 23:01 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1747
|
8.8 |
HIGH
Network
|
-
|
-
|
IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator.
|
CWE-74
Injection
|
CVE-2026-7770
|
2026-06-2 23:01 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1748
|
8.8 |
HIGH
Network
|
-
|
-
|
An Improper Access Control vulnerability in Ivanti Neurons for ITSM (cloud and on-premises) allows a remote authenticated attacker to gain administrative access.
|
CWE-284
Improper Access Control
|
CVE-2026-9614
|
2026-06-2 23:01 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1749
|
8.8 |
HIGH
Network
|
bentoml
|
bentoml
|
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in…
|
CWE-78
OS Command
|
CVE-2026-44345
|
2026-06-2 22:59 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1750
|
- |
|
-
|
-
|
Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter…
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-34906
|
2026-06-2 22:54 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
