|
3001
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in h…
|
CWE-285
CWE-939
Improper Authorization
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-12189
|
2026-06-16 01:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3002
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list nod…
|
CWE-416
Use After Free
|
CVE-2026-10634
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3003
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2025-15659
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3004
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2025-15658
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3005
|
5.3 |
MEDIUM
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Obj…
|
CWE-113
CWE-1321
HTTP Response Splitting
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44489
|
2026-06-16 01:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3006
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processi…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5497
|
2026-06-16 01:11 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3007
|
10.0 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-47928
|
2026-06-16 00:20 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3008
|
9.1 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privi…
|
CWE-863
Incorrect Authorization
|
CVE-2026-47929
|
2026-06-16 00:18 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3009
|
8.1 |
HIGH
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-47930
|
2026-06-16 00:18 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3010
|
9.9 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-47931
|
2026-06-16 00:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
