|
1351
|
- |
|
-
|
-
|
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web s…
|
CWE-78
OS Command
|
CVE-2026-45777
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
- |
|
-
|
-
|
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abus…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45778
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure flag. This allow…
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-46398
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
7.5 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-46493
|
2026-06-6 05:48 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
7.1 |
HIGH
Adjacent
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-8874
|
2026-06-6 05:47 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …
|
NVD-CWE-noinfo
|
CVE-2026-8881
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…
|
CWE-917
CWE-1333
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Inefficient Regular Expression Complexity
|
CVE-2026-8888
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-8889
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
8.2 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-37234
|
2026-06-6 05:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
7.8 |
HIGH
Local
|
trustedfirmware
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
|
CWE-416
Use After Free
|
CVE-2026-40290
|
2026-06-6 05:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
