| 591 | 9.8 | CRITICAL / Network | rapid7 | insightconnect_traceroute | OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl, c… | Update | CWE-78 (OS Command) | CVE-2026-8666 | 2026-06-30 04:24 | 2026-06-25 |
| 592 | 8.8 | HIGH / Network | rapid7 | insightconnect_tcpdump | OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insuffi… | Update | CWE-78 (OS Command) | CVE-2026-8658 | 2026-06-30 04:23 | 2026-06-25 |
| 593 | 4.3 | MEDIUM / Network | rapid7 | insightconnect_compression | Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename … | Update | CWE-22 (Path Traversal) | CVE-2026-8662 | 2026-06-30 04:22 | 2026-06-25 |
| 594 | 6.5 | MEDIUM / Network | - | - | A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client t… | Update | CWE-613 (Insufficient Session Expiration) | CVE-2026-9705 | 2026-06-30 04:16 | 2026-06-26 |
| 595 | 6.1 | MEDIUM / Network | - | - | The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitiz… | Update | CWE-79 (Cross-site Scripting) | CVE-2026-8622 | 2026-06-30 04:16 | 2026-06-24 |
| 596 | 6.5 | MEDIUM / Network | - | - | A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING. An at… | Update | CWE-776 (XML Entity Expansion) | CVE-2026-12993 | 2026-06-30 04:16 | 2026-06-26 |
| 597 | 9.1 | CRITICAL / Network | anthropic | claude_code | Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including att… | Update | CWE-183 (Permissive List of Allowed Inputs), CWE-200 (Information Exposure), CWE-515 (Covert Storage Channel) | CVE-2026-54316 | 2026-06-30 04:09 | 2026-06-24 |
| 598 | 4.2 | MEDIUM / Network | caddyserver | caddy | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, … | Update | CWE-116 (Improper Encoding or Escaping of Output) | CVE-2026-52846 | 2026-06-30 04:08 | 2026-06-24 |
| 599 | 7.5 | HIGH / Network | caddyserver | caddy | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/*, but file_server later resolves the s… | Update | CWE-22 (Path Traversal), CWE-284 (Improper Access Control) | CVE-2026-52844 | 2026-06-30 04:08 | 2026-06-24 |
| 600 | 6.1 | MEDIUM / Network | cacti | cacti | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at str_contains($refer… | Update | CWE-601 (Open Redirect) | CVE-2026-40080 | 2026-06-30 03:52 | 2026-06-26 |