|
3121
|
8.3 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without…
|
CWE-862
Missing Authorization
|
CVE-2026-32905
|
2026-06-2 03:36 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3122
|
5.4 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFrom policy checks. Attackers can route admin comma…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34507
|
2026-06-2 03:36 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3123
|
4.8 |
MEDIUM
Network
|
tp-link
|
tl-sg108pe_firmware
|
A stored
cross-site scripting (XSS) vulnerability has been identified in the web
management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM
configuration paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34127
|
2026-06-2 03:35 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3124
|
9.9 |
CRITICAL
Network
|
yhirose
|
cpp-httplib
|
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header va…
|
CWE-93
CWE-444
CRLF Injection
HTTP Request Smuggling
|
CVE-2026-45372
|
2026-06-2 03:34 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3125
|
8.2 |
HIGH
Network
|
-
|
-
|
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspac…
|
CWE-427
CWE-829
Uncontrolled Search Path Element
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-44358
|
2026-06-2 03:33 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3126
|
8.7 |
HIGH
Network
|
-
|
-
|
Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in …
|
CWE-269
Improper Privilege Management
|
CVE-2026-44543
|
2026-06-2 03:33 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3127
|
7.4 |
HIGH
Network
|
-
|
-
|
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the passwo…
|
CWE-200
CWE-287
CWE-306
Information Exposure
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-44460
|
2026-06-2 03:33 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3128
|
- |
|
-
|
-
|
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dyna…
|
CWE-94
Code Injection
|
CVE-2026-44672
|
2026-06-2 03:33 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3129
|
5.9 |
MEDIUM
Network
|
github
|
enterprise_server
|
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8606
|
2026-06-2 03:33 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3130
|
7.5 |
HIGH
Network
|
yhirose
|
cpp-httplib
|
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an att…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-46527
|
2026-06-2 03:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
