|
551
|
6.0 |
MEDIUM
Local
|
-
|
-
|
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially e…
New
|
CWE-59
Link Following
|
CVE-2026-28262
|
2026-06-9 22:53 |
2026-06-9 |
|
552
|
4.8 |
MEDIUM
Network
|
-
|
-
|
QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG f…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-25558
|
2026-06-9 22:51 |
2026-06-9 |
|
553
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e…
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-25555
|
2026-06-9 22:51 |
2026-06-9 |
|
554
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by …
New
|
CWE-22
Path Traversal
|
CVE-2026-25559
|
2026-06-9 22:51 |
2026-06-9 |
|
555
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat, .ps1, .sh) through the File…
New
|
CWE-78
OS Command
|
CVE-2026-25855
|
2026-06-9 22:51 |
2026-06-9 |
|
556
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin…
New
|
CWE-94
Code Injection
|
CVE-2026-25856
|
2026-06-9 22:51 |
2026-06-9 |
|
557
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-39908
|
2026-06-9 22:51 |
2026-06-9 |
|
558
|
9.8 |
CRITICAL
Network
|
-
|
-
|
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary…
New
|
CWE-862
Missing Authorization
|
CVE-2026-39910
|
2026-06-9 22:51 |
2026-06-9 |
|
559
|
9.4 |
CRITICAL
Network
|
-
|
-
|
AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen…
New
|
CWE-22
Path Traversal
|
CVE-2026-41448
|
2026-06-9 22:51 |
2026-06-9 |
|
560
|
- |
|
-
|
-
|
A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe…
New
|
CWE-78
OS Command
|
CVE-2026-8913
|
2026-06-9 22:51 |
2026-06-9 |