|
731
|
8.2 |
HIGH
Network
|
-
|
-
|
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nes…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-45302
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
- |
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44593
|
2026-06-3 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content.
Package keys read from build/packages/packages.t…
New
|
CWE-22
Path Traversal
|
CVE-2026-43965
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
- |
|
-
|
-
|
Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball.
The file collection helpers (gleam_files, native_…
New
|
CWE-59
Link Following
|
CVE-2026-42795
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Fi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42670
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when app…
Update
|
CWE-193
Off-by-one Error
|
CVE-2026-42015
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
8.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) fiel…
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-42013
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject A…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42012
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
6.5 |
MEDIUM
Network
|
apache
|
flink_kubernetes_operator
|
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so th…
Update
|
CWE-552
CWE-918
Files or Directories Accessible to External Parties
Server-Side Request Forgery (SSRF)
|
CVE-2026-40564
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory.
The documentation.pages …
New
|
CWE-22
Path Traversal
|
CVE-2026-32685
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
