| 2211 | 7.5 | HIGH, Network | - | - | Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to mac… | CWE-22 (Path Traversal) | CVE-2017-20250 | 2026-06-9 22:51 | 2026-06-9 |
| 2212 | 9.8 | CRITICAL, Network | - | - | WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes thro… | CWE-94 (Code Injection) | CVE-2017-20251 | 2026-06-9 22:51 | 2026-06-9 |
| 2213 | 7.8 | HIGH, Local | - | - | A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inse… | CWE-74 (Injection), CWE-94 (Code Injection), CWE-116 (Improper Encoding or Escaping of Output) | CVE-2026-8795 | 2026-06-9 22:49 | 2026-06-9 |
| 2214 | 7.5 | HIGH, Network | - | - | In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 th… | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-40983 | 2026-06-9 22:49 | 2026-06-9 |
| 2215 | 7.5 | HIGH, Network | - | - | In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15… | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-40984 | 2026-06-9 22:49 | 2026-06-9 |
| 2216 | 5.9 | MEDIUM, Network | - | - | An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects an… | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2026-41710 | 2026-06-9 22:49 | 2026-06-9 |
| 2217 | 6.1 | MEDIUM, Network | - | - | In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been e… | CWE-522 (Insufficiently Protected Credentials) | CVE-2026-41715 | 2026-06-9 22:49 | 2026-06-9 |
| 2218 | 7.4 | HIGH, Network | - | - | Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 … | CWE-287 (Improper Authentication) | CVE-2026-41720 | 2026-06-9 22:49 | 2026-06-9 |
| 2219 | 4.2 | MEDIUM, Network | - | - | A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authent… | CWE-384 (Session Fixation) | CVE-2026-41839 | 2026-06-9 22:49 | 2026-06-9 |
| 2220 | 5.9 | MEDIUM, Network | - | - | Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0… | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-41840 | 2026-06-9 22:49 | 2026-06-9 |