|
841
|
7.4 |
HIGH
Network
|
-
|
-
|
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the passwo…
Update
|
CWE-200
CWE-287
CWE-306
Information Exposure
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-44460
|
2026-06-2 03:33 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
842
|
- |
|
-
|
-
|
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dyna…
Update
|
CWE-94
Code Injection
|
CVE-2026-44672
|
2026-06-2 03:33 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
843
|
5.9 |
MEDIUM
Network
|
github
|
enterprise_server
|
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8606
|
2026-06-2 03:33 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
844
|
7.5 |
HIGH
Network
|
yhirose
|
cpp-httplib
|
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an att…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-46527
|
2026-06-2 03:32 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
845
|
- |
|
-
|
-
|
RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An atta…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-47161
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
846
|
8.2 |
HIGH
Network
|
-
|
-
|
RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming …
Update
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44483
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
847
|
7.5 |
HIGH
Network
|
-
|
-
|
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlle…
Update
|
CWE-22
CWE-89
CWE-915
CWE-1284
Path Traversal
SQL Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Improper Validation of Specified Quantity in Input
|
CVE-2026-44635
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
848
|
8.4 |
HIGH
Network
|
-
|
-
|
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-45108
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
849
|
7.8 |
HIGH
Local
|
-
|
-
|
uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files u…
Update
|
CWE-78
OS Command
|
CVE-2026-45152
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
850
|
3.1 |
LOW
Network
|
google
|
chrome
|
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec…
Update
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9944
|
2026-06-2 03:31 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
