|
1901
|
7.1 |
HIGH
Network
|
-
|
-
|
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belongi…
|
CWE-862
Missing Authorization
|
CVE-2026-44751
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1902
|
6.6 |
MEDIUM
Network
|
-
|
-
|
The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used …
|
CWE-862
Missing Authorization
|
CVE-2026-44754
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1903
|
4.3 |
MEDIUM
Network
|
-
|
-
|
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerab…
|
CWE-346
Origin Validation Error
|
CVE-2026-44755
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1904
|
4.7 |
MEDIUM
Network
|
-
|
-
|
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44757
|
2026-06-9 11:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1905
|
7.5 |
HIGH
Network
|
-
|
-
|
Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11639
|
2026-06-9 10:37 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1906
|
7.5 |
HIGH
Network
|
-
|
-
|
Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte…
|
CWE-416
Use After Free
|
CVE-2026-11641
|
2026-06-9 10:37 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1907
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-11516
|
2026-06-9 10:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1908
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11518
|
2026-06-9 10:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1909
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the comp…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11519
|
2026-06-9 10:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1910
|
3.5 |
LOW
Network
|
-
|
-
|
A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It i…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11520
|
2026-06-9 10:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
