|
2021
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-8878
|
2026-06-5 03:42 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2022
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-8879
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2023
|
6.5 |
MEDIUM
Network
|
libxls_project
|
libxls
|
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-26824
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2024
|
7.7 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-46447
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2025
|
4.9 |
MEDIUM
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-44917
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2026
|
8.1 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
|
CWE-23
Relative Path Traversal
|
CVE-2026-48681
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2027
|
5.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation.…
|
CWE-416
Use After Free
|
CVE-2026-50219
|
2026-06-5 03:39 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2028
|
7.5 |
HIGH
Network
|
solarwinds
|
web_help_desk
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-28299
|
2026-06-5 03:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2029
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-52606
|
2026-06-5 03:38 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2030
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path…
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2025-52608
|
2026-06-5 03:38 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
