|
1251
|
- |
|
-
|
-
|
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
New
|
CWE-284
Improper Access Control
|
CVE-2026-48908
|
2026-06-25 04:17 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1252
|
9.8 |
CRITICAL
Network
|
litellm
|
litellm
|
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-49468
|
2026-06-25 04:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1253
|
7.7 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in `backend/open_webui/routers/terminals.py` does …
New
|
CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)
|
CVE-2026-54017
|
2026-06-25 04:04 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1254
|
9.8 |
CRITICAL
Network
|
ibm
|
i
|
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execut…
New
|
CWE-94
Code Injection
|
CVE-2026-9072
|
2026-06-25 02:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1255
|
7.3 |
HIGH
Network
|
-
|
-
|
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before getTemplateSrv().replace() substitutes the variable v…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-9029
|
2026-06-25 02:17 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1256
|
8.8 |
HIGH
Adjacent
|
ibm
|
i
|
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnera…
New
|
CWE-94
Code Injection
|
CVE-2026-8858
|
2026-06-25 02:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1257
|
9.6 |
CRITICAL
Network
|
-
|
-
|
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-56397
|
2026-06-25 02:17 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1258
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an att…
New
|
CWE-862
Missing Authorization
|
CVE-2026-56384
|
2026-06-25 02:17 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1259
|
5.3 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when Get…
New
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-56371
|
2026-06-25 02:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1260
|
8.8 |
HIGH
Network
|
-
|
-
|
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can subm…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-56340
|
2026-06-25 02:17 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
