| 731 | 7.5 | HIGH | Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisall… | New | CWE-470 Unsafe Reflection; CWE-502 Deserialization of Untrusted Data | CVE-2026-48517 | 2026-06-26 02:16 | 2026-06-23 |
| 732 | 7.5 | HIGH | Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter<TKey,TElement> constructs an internal Dictionary<TKey, IGrouping<TKey,TElement>> with the d… | New | CWE-407 Inefficient Algorithmic Complexity | CVE-2026-48516 | 2026-06-26 02:16 | 2026-06-23 |
| 733 | 7.5 | HIGH | Network | messagepack | messagepack | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocat… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-48515 | 2026-06-26 02:16 | 2026-06-23 |
| 734 | 8.6 | HIGH | Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.private_address? returns … | New | CWE-184 Incomplete Blacklist; CWE-200 Information Exposure; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-47389 | 2026-06-26 02:16 | 2026-06-25 |
| 735 | 7.5 | HIGH | Network | - | - | The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and… | New | CWE-89 SQL Injection | CVE-2026-12937 | 2026-06-26 02:16 | 2026-06-25 |
| 736 | 3.7 | LOW | Network | openbsd, redhat | openssh, hardened_images, enterprise_linux | A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing… | New | CWE-125 Out-of-bounds Read | CVE-2026-55654 | 2026-06-26 01:59 | 2026-06-23 |
| 737 | 6.5 | MEDIUM | Network | openbsd, redhat | openssh, hardened_images, openshift_container_platform, enterprise_linux | A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Pro… | New | CWE-415 Double Free | CVE-2026-55653 | 2026-06-26 01:57 | 2026-06-23 |
| 738 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs… | New | CWE-79 Cross-site Scripting | CVE-2026-56698 | 2026-06-26 01:56 | 2026-06-23 |
| 739 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-ori… | New | CWE-601 Open Redirect | CVE-2026-56697 | 2026-06-26 01:55 | 2026-06-23 |
| 740 | 6.1 | MEDIUM | Network | nuxt | nuxt | Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and … | New | CWE-601 Open Redirect | CVE-2026-56326 | 2026-06-26 01:51 | 2026-06-23 |