|
1631
|
- |
|
-
|
-
|
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user…
|
CWE-611
XXE
|
CVE-2026-8045
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1632
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection.
This issue affects CBS Pla…
|
CWE-89
SQL Injection
|
CVE-2026-8025
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1633
|
5.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-50589
|
2026-06-10 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1634
|
8.1 |
HIGH
Network
|
-
|
-
|
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider…
|
CWE-862
Missing Authorization
|
CVE-2026-49948
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1635
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el…
|
CWE-79
Cross-site Scripting
|
CVE-2026-46396
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1636
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46390
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1637
|
6.5 |
MEDIUM
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea…
|
CWE-20
Improper Input Validation
|
CVE-2026-46357
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1638
|
9.0 |
CRITICAL
Network
|
termix
|
termix
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Brok…
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45746
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1639
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
CWE-20
Improper Input Validation
|
CVE-2026-36501
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1640
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Lega…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11619
|
2026-06-10 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
