|
1031
|
8.1 |
HIGH
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42211
|
2026-06-5 03:50 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1032
|
5.4 |
MEDIUM
Network
|
koha
|
koha
|
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features
|
CWE-79
Cross-site Scripting
|
CVE-2026-26378
|
2026-06-5 03:49 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
6.1 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p…
|
CWE-601
Open Redirect
|
CVE-2026-40181
|
2026-06-5 03:46 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
7.5 |
HIGH
Network
|
shopify
turbo-stream
|
react-router
turbo_stream
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-34077
|
2026-06-5 03:45 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
4.7 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33245
|
2026-06-5 03:43 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
7.3 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-8876
|
2026-06-5 03:42 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-8878
|
2026-06-5 03:42 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-8879
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
6.5 |
MEDIUM
Network
|
libxls_project
|
libxls
|
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-26824
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1040
|
7.7 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-46447
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
