|
331
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45106
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
- |
|
-
|
-
|
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet opt…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46683
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, o…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-50127
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-10740
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
- |
|
-
|
-
|
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent p…
New
|
CWE-93
CRLF Injection
|
CVE-2026-50637
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
- |
|
-
|
-
|
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by n…
New
|
CWE-93
CRLF Injection
|
CVE-2026-50638
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by ne…
New
|
CWE-93
CRLF Injection
|
CVE-2026-50639
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability al…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36818
|
2026-06-11 05:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36817
|
2026-06-11 05:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability a…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36816
|
2026-06-11 05:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
