| 1011 | 5.3 | MEDIUM, Network | - | - | Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 … | New | CWE-444 HTTP Request Smuggling | CVE-2026-41853 | 2026-06-9 22:49 | 2026-06-9 |
| 1012 | 4.2 | MEDIUM, Network | - | - | Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. A… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41854 | 2026-06-9 22:49 | 2026-06-9 |
| 1013 | 8.1 | HIGH, Network | - | - | In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary cl… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-41855 | 2026-06-9 22:49 | 2026-06-9 |
| 1014 | - | | - | - | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or… | New | CWE-79 Cross-site Scripting | CVE-2026-41539 | 2026-06-9 22:49 | 2026-06-9 |
| 1015 | - | | - | - | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to mod… | New | CWE-121 Stack-based Buffer Overflow | CVE-2025-62858 | 2026-06-9 22:49 | 2026-06-9 |
| 1016 | - | | - | - | An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have … | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-44083 | 2026-06-9 22:49 | 2026-06-9 |
| 1017 | 7.1 | HIGH, Local | - | - | A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S… | New | CWE-313 Cleartext Storage in a File or on Disk | CVE-2026-24349 | 2026-06-9 22:49 | 2026-06-9 |
| 1018 | 6.1 | MEDIUM, Adjacent | - | - | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-40808 | 2026-06-9 22:49 | 2026-06-9 |
| 1019 | 8.8 | HIGH, Network | - | - | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injectio… | New | CWE-78 OS Command | CVE-2026-46746 | 2026-06-9 22:49 | 2026-06-9 |
| 1020 | 4.3 | MEDIUM, Network | - | - | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used fo… | New | CWE-26 Path Traversal: '/dir/../filename' | CVE-2026-46747 | 2026-06-9 22:49 | 2026-06-9 |