|
1631
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10877
|
2026-06-5 22:26 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1632
|
6.1 |
MEDIUM
Network
|
citeum
|
opencti
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable bo…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35212
|
2026-06-5 22:07 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1633
|
3.1 |
LOW
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not add `Authorization` to the `Vary` response header for requ…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-35193
|
2026-06-5 22:03 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1634
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header va…
|
CWE-1023
Incomplete Comparison with Missing Factors
|
CVE-2026-48587
|
2026-06-5 22:03 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1635
|
4.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.http.HttpRequest.get_signed_cookie` in Django uses a non-injective salt derivation (concatenating the cookie name and…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6873
|
2026-06-5 21:58 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1636
|
3.1 |
LOW
Network
|
djangoproject
|
django
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-7666
|
2026-06-5 21:46 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1637
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-8404
|
2026-06-5 21:38 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1638
|
7.2 |
HIGH
Network
|
-
|
-
|
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25737
|
2026-06-5 21:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1639
|
7.2 |
HIGH
Network
|
-
|
-
|
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25731
|
2026-06-5 21:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1640
|
5.3 |
MEDIUM
Network
|
exim
|
exim
|
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
|
CWE-839
Numeric Range Comparison Without Minimum Check
|
CVE-2026-48840
|
2026-06-5 20:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
