| 391 | 8.8 | HIGH Network | - | - | FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execute arbitrary code by uploading files with traversal … | New | CWE-22 Path Traversal | CVE-2026-40521 | 2026-06-30 23:16 | 2026-06-29 |
| 392 | 8.8 | HIGH Network | - | - | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution (RCE) vulnerability wa… | New | CWE-78 OS Command | CVE-2026-34597 | 2026-06-30 23:16 | 2026-06-30 |
| 393 | 3.7 | LOW Network | - | - | CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag w… | New | CWE-208 Information Exposure Through Timing Discrepancy | CVE-2026-13758 | 2026-06-30 23:16 | 2026-06-30 |
| 394 | 4.4 | MEDIUM Local | - | - | A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Az… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-13316 | 2026-06-30 23:16 | 2026-06-30 |
| 395 | - | | - | - | Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the under… | New | CWE-89 SQL Injection | CVE-2026-12076 | 2026-06-30 23:16 | 2026-06-30 |
| 396 | 9.8 | CRITICAL Network | - | - | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to t… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-12073 | 2026-06-30 23:16 | 2026-06-30 |
| 397 | 8.8 | HIGH Network | - | - | The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript (… | New | - | CVE-2026-11589 | 2026-06-30 23:16 | 2026-06-30 |
| 398 | - | | - | - | PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. | New | - | CVE-2026-10763 | 2026-06-30 23:16 | 2026-06-30 |
| 399 | 9.8 | CRITICAL Network | - | - | Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such… | Update | CWE-78 OS Command | CVE-2025-71336 | 2026-06-30 23:16 | 2026-06-26 |
| 400 | 4.3 | MEDIUM Network | - | - | A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an … | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-14209 | 2026-06-30 23:14 | 2026-06-30 |