|
1511
|
8.8 |
HIGH
Network
|
samlify_project
|
samlify
|
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:Attribut…
|
CWE-91
Blind XPath Injection
|
CVE-2026-46490
|
2026-06-10 01:48 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1512
|
7.1 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the …
|
CWE-863
Incorrect Authorization
|
CVE-2026-48507
|
2026-06-10 01:41 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1513
|
9.8 |
CRITICAL
Network
|
apache
|
http_server
|
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to…
|
CWE-416
Use After Free
|
CVE-2026-29167
|
2026-06-10 01:29 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1514
|
6.1 |
MEDIUM
Network
|
apache
|
http_server
|
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers…
|
CWE-79
Cross-site Scripting
|
CVE-2026-29170
|
2026-06-10 01:21 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1515
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.
Users are recommended to upgrade to version 2.4.68, which fixes this issue.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34355
|
2026-06-10 01:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1516
|
8.8 |
HIGH
Network
|
dlink
|
dwr-m920_firmware
|
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in …
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11339
|
2026-06-10 01:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1517
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie*
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34356
|
2026-06-10 01:17 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1518
|
8.8 |
HIGH
Network
|
dlink
|
dir-823g_firmware
|
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in…
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11492
|
2026-06-10 01:17 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1519
|
7.5 |
HIGH
Network
|
dlink
|
dgs-1100-08pd_firmware
|
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least …
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11555
|
2026-06-10 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1520
|
8.8 |
HIGH
Network
|
dlink
|
dcs-5615_firmware
|
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipul…
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11497
|
2026-06-10 01:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
