| 391 | - | - | - | An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input. | New | - | CVE-2026-38639 | 2026-06-27 06:16 | 2026-06-27 |
| 392 | 8.8 HIGH Network | misp-project | misp | The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees pro… | New | CWE-384 Session Fixation | CVE-2026-56425 | 2026-06-27 05:33 | 2026-06-22 |
| 393 | 7.5 HIGH Network | vllm | vllm | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can subm… | New | CWE-20 Improper Input Validation; NVD-CWE-noinfo | CVE-2026-56340 | 2026-06-27 05:29 | 2026-06-21 |
| 394 | 7.5 HIGH Network | vllm | vllm | vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the Ope… | New | CWE-1333 Inefficient Regular Expression Complexity | CVE-2025-71379 | 2026-06-27 05:25 | 2026-06-21 |
| 395 | 7.5 HIGH Network | - | - | Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with… | New | CWE-494 Download of Code Without Integrity Check | CVE-2021-47987 | 2026-06-27 05:22 | 2026-06-26 |
| 396 | 8.8 HIGH Network | - | - | Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharact… | New | CWE-78 OS Command | CVE-2026-32833 | 2026-06-27 05:22 | 2026-06-27 |
| 397 | 5.4 MEDIUM Network | ibm | engineering_workflow_management | IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to … | New | CWE-79 Cross-site Scripting | CVE-2025-33128 | 2026-06-27 05:20 | 2026-06-22 |
| 398 | 5.0 MEDIUM Network | jenkins | git_client | Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name… | New | CWE-78 OS Command | CVE-2026-57282 | 2026-06-27 05:20 | 2026-06-24 |
| 399 | 5.9 MEDIUM Network | - | - | Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: * on every res… | New | CWE-749 Exposed Dangerous Method or Function; CWE-942 Permissive Cross-domain Policy with Untrusted Domains | CVE-2026-54753 | 2026-06-27 05:20 | 2026-06-27 |
| 400 | 4.3 MEDIUM Network | - | - | OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid accou… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-44731 | 2026-06-27 05:20 | 2026-06-27 |