| 641 | 4.3 | MEDIUM Network | - | - | RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of … | CWE-862 Missing Authorization | CVE-2026-55838 | 2026-06-27 13:17 | 2026-06-27 |
| 642 | 6.3 | MEDIUM Local | - | - | mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes … | CWE-78 OS Command | CVE-2026-55448 | 2026-06-27 13:17 | 2026-06-27 |
| 643 | 8.2 | HIGH Network | - | - | RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHa… | CWE-200 Information Exposure; CWE-522 Insufficiently Protected Credentials; CWE-862 Missing Authorization; CWE-863 Incorrect Authorization | CVE-2026-55188 | 2026-06-27 13:17 | 2026-06-27 |
| 644 | 9.6 | CRITICAL Adjacent | - | - | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17… | CWE-20 Improper Input Validation | CVE-2026-52780 | 2026-06-27 13:17 | 2026-06-27 |
| 645 | 6.0 | MEDIUM Network | - | - | GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton in… | CWE-284 Improper Access Control | CVE-2026-48529 | 2026-06-27 13:17 | 2026-06-27 |
| 646 | 6.5 | MEDIUM Network | - | - | OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject (title) of… | CWE-200 Information Exposure; CWE-639 Authorization Bypass Through User-Controlled Key; CWE-836 Use of Password Hash Instead of Password for Authentication | CVE-2026-44736 | 2026-06-27 13:17 | 2026-06-27 |
| 647 | 6.5 | MEDIUM Network | - | - | OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in OpenProject's CostReportsController. The rename and upda… | CWE-862 Missing Authorization | CVE-2026-44734 | 2026-06-27 13:17 | 2026-06-27 |
| 648 | 5.7 | MEDIUM Network | - | - | OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sanitize::Config::RELAXED[:css] for inline style sanitiz… | CWE-79 Cross-site Scripting | CVE-2026-44696 | 2026-06-27 13:17 | 2026-06-27 |
| 649 | 5.4 | MEDIUM Network | - | - | Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Python before 3.12, where the is_within_directory() helpe… | CWE-22 Path Traversal | CVE-2026-29509 | 2026-06-27 13:17 | 2026-06-27 |
| 650 | 4.9 | MEDIUM Network | - | - | A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim int… | CWE-20 Improper Input Validation | CVE-2026-13434 | 2026-06-27 13:17 | 2026-06-27 |