| 401 | 6.5 | MEDIUM Network | - | - | A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the use… | New | CWE-266 Incorrect Privilege Assignment | CVE-2026-4629 | 2026-06-30 23:14 | 2026-06-30 |
| 402 | - | | - | - | Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a {:json, json} source. In lib/mdex.ex, the private js… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-53426 | 2026-06-30 23:14 | 2026-06-30 |
| 403 | 8.8 | HIGH Network | - | - | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, an authenticated command injection vulnerability in the Destination Networ… | New | CWE-78 OS Command | CVE-2026-34594 | 2026-06-30 23:14 | 2026-06-30 |
| 404 | - | | - | - | Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded n… | New | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2026-53429 | 2026-06-30 23:14 | 2026-06-30 |
| 405 | - | | - | - | Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST us… | New | CWE-674 Uncontrolled Recursion | CVE-2026-54888 | 2026-06-30 23:14 | 2026-06-30 |
| 406 | - | | - | - | Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':to_delt… | New | CWE-79 Cross-site Scripting | CVE-2026-54889 | 2026-06-30 23:14 | 2026-06-30 |
| 407 | 7.5 | HIGH Network | - | - | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manual_webhook_secret_github field, whic… | New | CWE-287 Improper Authentication | CVE-2026-41896 | 2026-06-30 23:14 | 2026-06-30 |
| 408 | 7.7 | HIGH Network | - | - | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, all… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-34592 | 2026-06-30 23:14 | 2026-06-30 |
| 409 | 5.9 | MEDIUM Local | - | - | Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affects Escargot: bab3a5797557014ce3c2e28419a6310cfba90d… | New | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-14160 | 2026-06-30 23:14 | 2026-06-30 |
| 410 | 5.9 | MEDIUM Network | - | - | The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries… | New | - | CVE-2026-11581 | 2026-06-30 23:14 | 2026-06-30 |