|
571
|
7.2 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template va…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50231
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
7.2 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50232
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonr…
New
|
CWE-548
Exposure of Information Through Directory Listing
|
CVE-2026-50233
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
7.5 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …
New
|
CWE-22
Path Traversal
|
CVE-2026-50234
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attacke…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-50235
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This…
New
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-9088
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument deli…
New
|
CWE-88
Argument Injection
|
CVE-2026-11332
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
7.0 |
HIGH
Local
|
-
|
-
|
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution…
New
|
CWE-78
OS Command
|
CVE-2026-50265
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
New
|
-
|
CVE-2026-38500
|
2026-06-5 23:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_cloud_function
|
Under infinite recursion in the routing layer, request-handling can cause OOM error.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Functio…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40989
|
2026-06-5 22:49 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
