|
3251
|
8.2 |
HIGH
Network
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snaps…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-52859
|
2026-06-15 22:12 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3252
|
8.2 |
HIGH
Network
|
raszi
|
tmp
|
tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, p…
|
CWE-20
CWE-22
Improper Input Validation
Path Traversal
|
CVE-2026-49982
|
2026-06-15 21:52 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3253
|
8.2 |
HIGH
Network
|
raszi
|
tmp
|
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untru…
|
CWE-22
Path Traversal
|
CVE-2026-44705
|
2026-06-15 21:52 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3254
|
- |
|
-
|
-
|
Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in.
AshAuthentication's OAuth2 and OIDC family strategie…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-49757
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3255
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple applicati…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-34030
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3256
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the …
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-34029
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3257
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly ac…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2026-34028
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3258
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application val…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-34027
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3259
|
- |
|
-
|
-
|
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The…
|
CWE-23
Relative Path Traversal
|
CVE-2026-34026
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3260
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP addr…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-34025
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
