|
1601
|
- |
|
-
|
-
|
In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerabili…
|
CWE-95
Eval Injection
|
CVE-2026-8914
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1602
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the d…
|
CWE-59
Link Following
|
CVE-2026-11322
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1603
|
5.4 |
MEDIUM
Network
|
-
|
-
|
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.
|
CWE-79
Cross-site Scripting
|
CVE-2026-50591
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1604
|
6.4 |
MEDIUM
Network
|
-
|
-
|
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in
AdminCommunicationLog (aka the communication log administration view).
|
CWE-79
Cross-site Scripting
|
CVE-2026-50592
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1605
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code throug…
|
CWE-79
Cross-site Scripting
|
CVE-2026-50230
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1606
|
7.2 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template va…
|
CWE-79
Cross-site Scripting
|
CVE-2026-50231
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1607
|
3.6 |
LOW
Local
|
-
|
-
|
A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the function computeObservationContentHash of the file src/services/sqlite/observations/store.ts of the c…
|
CWE-327
CWE-328
Use of a Broken or Risky Cryptographic Algorithm
Use of Weak Hash
|
CVE-2026-11330
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1608
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service (TCP port 9090) and the HTTP JSON-RPC endpoint (/jsonr…
|
CWE-548
Exposure of Information Through Directory Listing
|
CVE-2026-50233
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1609
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attacke…
|
CWE-79
Cross-site Scripting
|
CVE-2026-50235
|
2026-06-5 23:59 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1610
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-9088
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
