|
1971
|
8.8 |
HIGH
Network
|
progress
|
sitefinity
|
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenti…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7201
|
2026-06-4 21:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1972
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos…
|
CWE-79
Cross-site Scripting
|
CVE-2018-25384
|
2026-06-4 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1973
|
9.0 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is config…
|
CWE-78
OS Command
|
CVE-2026-4408
|
2026-06-4 09:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1974
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-2596
|
2026-06-4 08:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1975
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2025-22424
|
2026-06-4 07:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1976
|
8.4 |
HIGH
Local
|
-
|
-
|
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog inter…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2019-25718
|
2026-06-4 07:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1977
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet…
|
CWE-15
External Control of System or Configuration Setting
|
CVE-2019-25716
|
2026-06-4 07:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1978
|
9.1 |
CRITICAL
Network
|
github
|
cli
|
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release …
|
CWE-863
Incorrect Authorization
|
CVE-2026-48501
|
2026-06-4 06:06 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1979
|
4.9 |
MEDIUM
Network
|
macgregor
|
interschalt_vdr_g4e_firmware
|
The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-40425
|
2026-06-4 05:54 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1980
|
4.3 |
MEDIUM
Network
|
nextcloud
|
calendar
|
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance …
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-45286
|
2026-06-4 05:35 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
