|
3291
|
- |
|
-
|
-
|
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects.
Tesla.Middleware.FollowRedirects strips securit…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-48595
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3292
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-48596
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3293
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint.
Tesla.Adapter.Mint.open_conn/2 conv…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48597
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3294
|
- |
|
-
|
-
|
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values.
Tesla.Multipart.part_headers_fo…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-48598
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3295
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the ar…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10811
|
2026-06-5 00:41 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3296
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7.
|
CWE-79
Cross-site Scripting
|
CVE-2026-40108
|
2026-06-5 00:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3297
|
9.0 |
CRITICAL
Network
|
-
|
-
|
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
|
CWE-79
Cross-site Scripting
|
CVE-2026-36748
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3298
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the …
|
CWE-862
Missing Authorization
|
CVE-2026-42317
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3299
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI.…
|
CWE-862
Missing Authorization
|
CVE-2026-42318
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3300
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPI_DOC_DIR. Upgrade to 1…
|
CWE-862
Missing Authorization
|
CVE-2026-42320
|
2026-06-5 00:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
