|
3181
|
7.4 |
HIGH
Adjacent
|
linuxfoundation
|
volcano
|
Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluste…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44247
|
2026-06-3 02:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3182
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argume…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10606
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3183
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel expose…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-0611
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3184
|
- |
|
-
|
-
|
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery sca…
|
-
|
CVE-2026-9522
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3185
|
- |
|
-
|
-
|
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without …
|
-
|
CVE-2026-9590
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3186
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enfor…
|
CWE-862
Missing Authorization
|
CVE-2026-35443
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3187
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the view…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-35447
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3188
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-…
|
CWE-862
Missing Authorization
|
CVE-2026-40314
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3189
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied mode…
|
CWE-94
Code Injection
|
CVE-2026-47117
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3190
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling.
In lib/mint/http1/request.ex, the encode_requ…
|
CWE-93
CRLF Injection
|
CVE-2026-48861
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
