|
1601
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argume…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10606
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1602
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel expose…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-0611
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1603
|
- |
|
-
|
-
|
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery sca…
|
-
|
CVE-2026-9522
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1604
|
- |
|
-
|
-
|
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without …
|
-
|
CVE-2026-9590
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1605
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enfor…
|
CWE-862
Missing Authorization
|
CVE-2026-35443
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1606
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the view…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-35447
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1607
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-…
|
CWE-862
Missing Authorization
|
CVE-2026-40314
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1608
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied mode…
|
CWE-94
Code Injection
|
CVE-2026-47117
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1609
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling.
In lib/mint/http1/request.ex, the encode_requ…
|
CWE-93
CRLF Injection
|
CVE-2026-48861
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1610
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding.
In lib/…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48862
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
