| 581 | 7.5 | HIGH | Network | microfocus | access_manager | An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. | CWE-648 NVD-CWE-noinfo Incorrect Use of Privileged APIs | CVE-2026-11877 | 2026-06-30 04:28 | 2026-06-25 |
| 582 | 6.1 | MEDIUM | Network | microfocus | access_manager | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: fr… | CWE-79 Cross-site Scripting | CVE-2026-11878 | 2026-06-30 04:28 | 2026-06-25 |
| 583 | 8.8 | HIGH | Network | rapid7 | insightconnect_sqlmap | OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during conne… | CWE-78 OS Command | CVE-2026-8659 | 2026-06-30 04:28 | 2026-06-25 |
| 584 | 3.5 | LOW | Network | mattermost | mattermost_server | Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated att… | CWE-693 Protection Mechanism Failure | CVE-2026-3472 | 2026-06-30 04:27 | 2026-06-27 |
| 585 | 8.8 | HIGH | Network | rapid7 | insightconnect_rpm | OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficie… | CWE-78 OS Command | CVE-2026-8663 | 2026-06-30 04:26 | 2026-06-25 |
| 586 | 9.8 | CRITICAL | Network | rapid7 | insightconnect_awk | OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parame… | CWE-78 OS Command | CVE-2026-8592 | 2026-06-30 04:26 | 2026-06-25 |
| 587 | 6.5 | MEDIUM | Local | mattermost | mattermost_server | Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which all… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-4339 | 2026-06-30 04:26 | 2026-06-27 |
| 588 | 9.8 | CRITICAL | Network | rapid7 | insightconnect_ping | OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient… | CWE-78 OS Command | CVE-2026-8660 | 2026-06-30 04:26 | 2026-06-25 |
| 589 | 8.8 | HIGH | Network | rapid7 | insightconnect_finger | OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient … | CWE-78 OS Command | CVE-2026-8664 | 2026-06-30 04:25 | 2026-06-25 |
| 590 | 9.8 | CRITICAL | Network | rapid7 | insightconnect_translate | OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters d… | CWE-78 OS Command | CVE-2026-8665 | 2026-06-30 04:24 | 2026-06-25 |