|
361
|
- |
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System through 25.11 allows an authenticated remote attacker with administrator …
New
|
-
|
CVE-2026-50765
|
2026-06-27 07:16 |
2026-06-27 |
|
362
|
7.7 |
HIGH
Network
|
-
|
-
|
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows…
New
|
CWE-22, CWE-180, CWE-200
Path Traversal; Incorrect Behavior Order: Validate Before Canonicalize; Information Exposure
|
CVE-2026-49984
|
2026-06-27 07:16 |
2026-06-27 |
|
363
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/configs") to whitelist the public confi…
New
|
CWE-78, CWE-184, CWE-287, CWE-918
OS Command; Incomplete Blacklist; Improper Authentication; Server-Side Request Forgery (SSRF)
|
CVE-2026-49869
|
2026-06-27 07:16 |
2026-06-27 |
|
364
|
7.7 |
HIGH
Network
|
-
|
-
|
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.par…
New
|
CWE-22
Path Traversal
|
CVE-2026-45807
|
2026-06-27 07:16 |
2026-06-27 |
|
365
|
- |
|
-
|
-
|
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a p…
New
|
-
|
CVE-2026-38571
|
2026-06-27 07:16 |
2026-06-27 |
|
366
|
- |
|
-
|
-
|
A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
New
|
-
|
CVE-2026-36908
|
2026-06-27 07:16 |
2026-06-27 |
|
367
|
- |
|
-
|
-
|
A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
New
|
-
|
CVE-2026-36907
|
2026-06-27 07:16 |
2026-06-27 |
|
368
|
- |
|
-
|
-
|
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components.
New
|
-
|
CVE-2026-36478
|
2026-06-27 07:16 |
2026-06-27 |
|
369
|
- |
|
-
|
-
|
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An…
New
|
CWE-78
OS Command
|
CVE-2026-11834
|
2026-06-27 07:16 |
2026-06-23 |
|
370
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by proces…
New
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-56368
|
2026-06-27 06:51 |
2026-06-24 |
|