|
51
|
2.7 |
LOW
Network
|
element
|
synapse
|
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-45076
|
2026-06-5 03:04 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
9.9 |
CRITICAL
Network
|
flowintel
|
flowintel
|
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-9813
|
2026-06-5 03:03 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
5.4 |
MEDIUM
Network
|
appsmith
|
appsmith
|
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7299
|
2026-06-5 02:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
6.5 |
MEDIUM
Adjacent
|
tp-link
|
tapo_c200_firmware
|
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted …
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-1871
|
2026-06-5 02:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
7.8 |
HIGH
Local
|
nvidia
|
nvtabular
|
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampe…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24221
|
2026-06-5 02:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
7.8 |
HIGH
Local
|
nvidia
|
nvtabular
|
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampe…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24237
|
2026-06-5 02:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
6.1 |
MEDIUM
Physics
|
dell
|
thinos
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerabilit…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40713
|
2026-06-5 02:37 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
7.8 |
HIGH
Local
|
dell
|
thinos
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40715
|
2026-06-5 02:29 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-10701
|
2026-06-5 02:25 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
- |
|
-
|
-
|
Net::CIDR::Set versions through 0.20 for Perl did not validate network masks.
The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, wh…
New
|
CWE-1289
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-49942
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
