| 801 | - | | - | - | An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause th… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-9105 | 2026-06-30 02:16 | 2026-06-30 |
| 802 | 5.4 | MEDIUM, Network | - | - | A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administr… | New | CWE-79 Cross-site Scripting | CVE-2026-50767 | 2026-06-30 02:16 | 2026-06-27 |
| 803 | 5.4 | MEDIUM, Network | - | - | A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edit_items permis… | New | CWE-79 Cross-site Scripting | CVE-2026-50766 | 2026-06-30 02:16 | 2026-06-27 |
| 804 | 6.1 | MEDIUM, Network | - | - | A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker … | New | CWE-79 Cross-site Scripting | CVE-2026-50765 | 2026-06-30 02:16 | 2026-06-27 |
| 805 | 6.5 | MEDIUM, Network | - | - | Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, poten… | New | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2026-13437 | 2026-06-30 02:16 | 2026-06-30 |
| 806 | - | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | New | - | CVE-2026-12672 | 2026-06-30 02:16 | 2026-06-30 |
| 807 | 10.0 | CRITICAL, Network | kidocode | crawl4ai | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes st… | Update | CWE-94 Code Injection; CWE-913 Improper Control of Dynamically-Managed Code Resources | CVE-2026-53753 | 2026-06-30 01:57 | 2026-06-24 |
| 808 | 7.5 | HIGH, Network | kidocode | crawl4ai | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used… | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-53754 | 2026-06-30 01:53 | 2026-06-24 |
| 809 | 7.5 | HIGH, Network | kidocode | crawl4ai | Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unau… | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-53755 | 2026-06-30 01:50 | 2026-06-24 |
| 810 | 4.4 | MEDIUM, Local | fortra | file_integrity_monitoring | Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command whil… | Update | CWE-266 Incorrect Privilege Assignment | CVE-2026-12164 | 2026-06-30 01:21 | 2026-06-24 |