|
1341
|
7.8 |
HIGH
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
Update
|
CWE-78
OS Command
|
CVE-2026-49366
|
2026-06-1 22:59 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1342
|
3.3 |
LOW
Local
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
Update
|
CWE-611
XXE
|
CVE-2026-49383
|
2026-06-1 22:58 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1343
|
8.8 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
Update
|
CWE-862
Missing Authorization
|
CVE-2026-49367
|
2026-06-1 22:56 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1344
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containin…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-49094
|
2026-06-1 22:31 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1345
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent po…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-49095
|
2026-06-1 22:30 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1346
|
7.8 |
HIGH
Local
|
canonical
|
multipass
|
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da…
Update
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-49237
|
2026-06-1 22:27 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1347
|
8.4 |
HIGH
Local
|
canonical
|
multipass
|
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment …
Update
|
CWE-22
Path Traversal
|
CVE-2026-49238
|
2026-06-1 22:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1348
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10244
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1349
|
3.5 |
LOW
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipul…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10245
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1350
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/mai…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10246
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
