| 371 | - | | - | - | Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions. | New | CWE-306 Missing Authentication for Critical Function | CVE-2026-12819 | 2026-06-30 23:18 | 2026-06-30 |
| 372 | - | | - | - | The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code. | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-12578 | 2026-06-30 23:18 | 2026-06-30 |
| 373 | 9.8 | CRITICAL Network | - | - | Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that frag… | New | CWE-444 HTTP Request Smuggling | CVE-2026-13762 | 2026-06-30 23:17 | 2026-06-30 |
| 374 | 9.8 | CRITICAL Network | - | - | Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 reques… | New | CWE-444 HTTP Request Smuggling | CVE-2026-13763 | 2026-06-30 23:17 | 2026-06-30 |
| 375 | 4.8 | MEDIUM Network | - | - | Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS2… | New | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2026-57997 | 2026-06-30 23:16 | 2026-06-30 |
| 376 | - | | - | - | Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser b… | New | CWE-79 Cross-site Scripting | CVE-2026-6954 | 2026-06-30 23:16 | 2026-06-30 |
| 377 | 9.1 | CRITICAL Network | - | - | @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths (arrays of paths and regular expressio… | New | CWE-285 Improper Authorization | CVE-2026-6556 | 2026-06-30 23:16 | 2026-06-30 |
| 378 | 8.8 | HIGH Network | - | - | luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability e… | New | CWE-78 OS Command | CVE-2026-57999 | 2026-06-30 23:16 | 2026-06-30 |
| 379 | 4.3 | MEDIUM Network | - | - | Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers ca… | New | CWE-862 Missing Authorization | CVE-2026-57954 | 2026-06-30 23:16 | 2026-06-30 |
| 380 | 6.8 | MEDIUM Network | - | - | Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enab… | New | CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute; CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag | CVE-2026-57948 | 2026-06-30 23:16 | 2026-06-30 |