|
601
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53741
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-53742
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
7.5 |
HIGH
Network
|
-
|
-
|
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-10142
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
7.5 |
HIGH
Network
|
-
|
-
|
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supp…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-10143
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
605
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface.
This issue i…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-0266
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
- |
|
-
|
-
|
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the Glo…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-0267
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
- |
|
-
|
-
|
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.
This does not impact Prisma Access Agent on Window…
New
|
CWE-424
Improper Protection of Alternate Path
|
CVE-2026-0268
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
- |
|
-
|
-
|
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet…
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-0269
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
- |
|
-
|
-
|
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipu…
New
|
CWE-22
Path Traversal
|
CVE-2026-0270
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
- |
|
-
|
-
|
A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.
This does not impact Pri…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-0271
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
