| 3201 | 4.3 | MEDIUM Network | - | - | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. A… | CWE-155 CWE-943 | CVE-2026-49482 | 2026-06-13 00:56 | 2026-06-12 |
| 3202 | - | | - | - | Quest Bot is an open source Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective per… | CWE-863 Incorrect Authorization | CVE-2026-47195 | 2026-06-13 00:56 | 2026-06-12 |
| 3203 | - | | - | - | Quest Bot is an open source Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons a… | CWE-116 Improper Encoding or Escaping of Output | CVE-2026-48485 | 2026-06-13 00:56 | 2026-06-12 |
| 3204 | - | | - | - | Quest Bot is an open source Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database tic… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-49347 | 2026-06-13 00:56 | 2026-06-12 |
| 3205 | - | | - | - | Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.… | CWE-89 SQL Injection | CVE-2026-41581 | 2026-06-13 00:56 | 2026-06-13 |
| 3206 | - | | - | - | Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browse… | CWE-79 Cross-site Scripting | CVE-2026-44205 | 2026-06-13 00:56 | 2026-06-13 |
| 3207 | - | | - | - | Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0… | CWE-79 Cross-site Scripting | CVE-2026-47739 | 2026-06-13 00:56 | 2026-06-13 |
| 3208 | 8.7 | HIGH Network | - | - | Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-6211 | 2026-06-13 00:51 | 2026-06-13 |
| 3209 | 9.8 | CRITICAL Network | - | - | Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue … | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2026-6853 | 2026-06-13 00:51 | 2026-06-13 |
| 3210 | 6.5 | MEDIUM Network | apache | apache-airflow-providers-samba | The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path … | CWE-22 Path Traversal | CVE-2026-49818 | 2026-06-13 00:51 | 2026-06-9 |