|
681
|
5.3 |
MEDIUM
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete an…
New
|
CWE-862
Missing Authorization
|
CVE-2026-54029
|
2026-06-26 03:58 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
- |
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case…
New
|
CWE-200
CWE-522
Information Exposure
Insufficiently Protected Credentials
|
CVE-2026-50017
|
2026-06-26 03:58 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
9.9 |
CRITICAL
Network
|
microsoft
|
dynamics_365
|
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
New
|
CWE-284
Improper Access Control
|
CVE-2026-47647
|
2026-06-26 03:57 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
- |
|
-
|
-
|
motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path travers…
New
|
CWE-22
Path Traversal
|
CVE-2026-55488
|
2026-06-26 03:56 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
4.3 |
MEDIUM
Network
|
-
|
-
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept a…
New
|
CWE-22
Path Traversal
|
CVE-2026-48789
|
2026-06-26 03:56 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
0.0 |
NONE
Network
|
-
|
-
|
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files re…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-55611
|
2026-06-26 03:56 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
5.5 |
MEDIUM
Local
|
-
|
-
|
motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with…
New
|
CWE-200
CWE-522
CWE-732
Information Exposure
Insufficiently Protected Credentials
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-32315
|
2026-06-26 03:56 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
7.1 |
HIGH
Network
|
silabs
|
emberznet
|
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-47151
|
2026-06-26 03:51 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
7.1 |
HIGH
Network
|
silabs
|
emberznet
|
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-47150
|
2026-06-26 03:49 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
6.5 |
MEDIUM
Network
|
silabs
|
emberznet
|
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-47149
|
2026-06-26 03:48 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
