|
1931
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the a…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11585
|
2026-06-9 10:32 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1932
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-46401
|
2026-06-9 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1933
|
8.2 |
HIGH
Network
|
-
|
-
|
CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan…
|
CWE-94
Code Injection
|
CVE-2026-41249
|
2026-06-9 05:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1934
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…
|
CWE-287
CWE-306
CWE-1390
Improper Authentication
Missing Authentication for Critical Function
Weak Authentication
|
CVE-2026-6274
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1935
|
7.5 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …
|
CWE-22
Path Traversal
|
CVE-2026-50234
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1936
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…
|
CWE-78
OS Command
|
CVE-2026-46394
|
2026-06-9 04:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1937
|
- |
|
-
|
-
|
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…
|
CWE-772
CWE-775
Missing Release of Resource after Effective Lifetime
Missing Release of File Descriptor or Handle after Effective Lifetime
|
CVE-2026-45287
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1938
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…
|
CWE-650
Trusting HTTP Permission Methods on the Server Side
|
CVE-2026-42543
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1939
|
- |
|
-
|
-
|
Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41235
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1940
|
7.8 |
HIGH
Local
|
-
|
-
|
A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-36574
|
2026-06-9 04:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
