|
981
|
- |
|
-
|
-
|
This vulnerability exists in GX Earth ONT models due to the transmission of user credentials in plaintext over HTTP in its web management interface. A remote attacker could exploit this vulnerability…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-45432
|
2026-06-5 00:26 |
2026-06-4 |
|
|
|
|
982
|
- |
|
-
|
-
|
This vulnerability exists in GX Earth 2022 ONT models due to the presence of a hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-45433
|
2026-06-5 00:26 |
2026-06-4 |
|
|
|
|
983
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm…
Update
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-4035
|
2026-06-5 00:25 |
2026-06-3 |
|
|
|
|
984
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use o…
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-6657
|
2026-06-5 00:25 |
2026-06-4 |
|
|
|
|
985
|
- |
|
-
|
-
|
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: ver…
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-12694
|
2026-06-5 00:25 |
2026-06-4 |
|
|
|
|
986
|
8.1 |
HIGH
Network
|
-
|
-
|
HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue detected in the Keycloak component of the web application. Missing essential directives can leave a site v…
New
|
CWE-1027
|
CVE-2025-59874
|
2026-06-5 00:25 |
2026-06-4 |
|
|
|
|
987
|
- |
|
-
|
-
|
An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item.
This issue affects glpi: before 11.0.7.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5385
|
2026-06-5 00:23 |
2026-06-3 |
|
|
|
|
988
|
- |
|
-
|
-
|
An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger unescaped rendering in the …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42839
|
2026-06-5 00:23 |
2026-06-4 |
|
|
|
|
989
|
- |
|
-
|
-
|
An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every ope…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42840
|
2026-06-5 00:23 |
2026-06-4 |
|
|
|
|
990
|
- |
|
-
|
-
|
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-8936
|
2026-06-5 00:21 |
2026-06-3 |
|
|
|