|
161
|
- |
|
-
|
-
|
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypas…
New
|
-
|
CVE-2026-37737
|
2026-06-6 01:07 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
- |
|
-
|
-
|
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for …
New
|
CWE-321
CWE-338
Use of Hard-coded Cryptographic Key
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-11347
|
2026-06-6 01:07 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
- |
|
-
|
-
|
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorre…
New
|
CWE-287
Improper Authentication
|
CVE-2026-11345
|
2026-06-6 01:07 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
- |
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific proces…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-11346
|
2026-06-6 01:07 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
- |
|
-
|
-
|
The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by th…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-11369
|
2026-06-6 01:07 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-36499
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
- |
|
-
|
-
|
An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5589
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5066
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
5.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-50589
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
4.5 |
MEDIUM
Local
|
-
|
-
|
In Mimecast Incydr before 2.6.0, arbitrary file access can occur.
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-50590
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
