|
2391
|
- |
|
-
|
-
|
AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification step, such as after successfully completing the passwo…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-56450
|
2026-06-23 03:16 |
2026-06-22 |
|
|
|
|
2392
|
- |
|
-
|
-
|
A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers t…
|
CWE-22
Path Traversal
|
CVE-2026-56448
|
2026-06-23 03:16 |
2026-06-22 |
|
|
|
|
2393
|
- |
|
-
|
-
|
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope foreign keys (event_id, org_id, user_id, sharing_group_i…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-56422
|
2026-06-23 03:16 |
2026-06-22 |
|
|
|
|
2394
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This is due to the plugin using wp_remote_get() to fetch a user-supp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-4328
|
2026-06-23 03:16 |
2026-06-19 |
|
|
|
|
2395
|
- |
|
-
|
-
|
A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control.
|
CWE-284
Improper Access Control
|
CVE-2026-4027
|
2026-06-23 03:16 |
2026-06-19 |
|
|
|
|
2396
|
5.8 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the …
|
CWE-362
Race Condition
|
CVE-2026-48982
|
2026-06-23 03:16 |
2026-06-19 |
|
|
|
|
2397
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin registers a REST API webhook endpoint at /wp-json/str…
|
CWE-862
Missing Authorization
|
CVE-2026-3640
|
2026-06-23 03:16 |
2026-06-19 |
|
|
|
|
2398
|
5.5 |
MEDIUM
Local
|
-
|
-
|
An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-3196
|
2026-06-23 03:16 |
2026-06-20 |
|
|
|
|
2399
|
7.4 |
HIGH
Local
|
-
|
-
|
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially le…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-3195
|
2026-06-23 03:16 |
2026-06-20 |
|
|
|
|
2400
|
- |
|
-
|
-
|
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript i…
|
CWE-79
Cross-site Scripting
|
CVE-2026-11943
|
2026-06-23 03:16 |
2026-06-23 |
|
|
|