|
721
|
- |
|
-
|
-
|
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘…
New
|
CWE-78
OS Command
|
CVE-2026-46643
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
722
|
7.5 |
HIGH
Network
|
-
|
-
|
JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the sour…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-46625
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
723
|
7.5 |
HIGH
Network
|
-
|
-
|
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mo…
New
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2026-45783
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
724
|
8.8 |
HIGH
Network
|
-
|
-
|
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session manageme…
New
|
CWE-362
Race Condition
|
CVE-2026-44693
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
725
|
3.7 |
LOW
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Obj…
New
|
CWE-113
CWE-1321
HTTP Response Splitting
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44489
|
2026-06-12 02:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
726
|
6.4 |
MEDIUM
Network
|
-
|
-
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuse…
New
|
CWE-89
SQL Injection
|
CVE-2026-11945
|
2026-06-12 02:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
727
|
8.1 |
HIGH
Network
|
-
|
-
|
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `fil…
New
|
CWE-22
Path Traversal
|
CVE-2026-11816
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
728
|
7.8 |
HIGH
Local
|
adobe
|
indesign
|
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48293
|
2026-06-12 02:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
729
|
7.8 |
HIGH
Local
|
microsoft
|
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
Update
|
CWE-287
Improper Authentication
|
CVE-2026-44810
|
2026-06-12 02:13 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
730
|
7.8 |
HIGH
Local
|
sqlite
|
sqlite
|
SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-11822
|
2026-06-12 02:12 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
