|
461
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift th…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-46433
|
2026-06-10 08:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
7.5 |
HIGH
Network
|
-
|
-
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be l…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-46374
|
2026-06-10 08:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
7.5 |
HIGH
Network
|
-
|
-
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be l…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-46373
|
2026-06-10 08:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
464
|
- |
|
-
|
-
|
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44963
|
2026-06-10 08:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-10238
|
2026-06-10 08:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-36728
|
2026-06-10 07:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
8.1 |
HIGH
Network
|
-
|
-
|
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.
New
|
CWE-284
Improper Access Control
|
CVE-2026-36720
|
2026-06-10 07:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
6.1 |
MEDIUM
Network
|
-
|
-
|
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through th…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-34417
|
2026-06-10 07:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code …
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-30141
|
2026-06-10 07:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
6.1 |
MEDIUM
Network
|
-
|
-
|
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embeddi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-25860
|
2026-06-10 07:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
