|
2281
|
5.3 |
MEDIUM
Network
|
-
|
-
|
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client …
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2020-25900
|
2026-06-6 01:04 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2282
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unkno…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11333
|
2026-06-6 01:04 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2283
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file d…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-11334
|
2026-06-6 01:04 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2284
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /…
|
CWE-384
Session Fixation
|
CVE-2026-11335
|
2026-06-6 01:04 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2285
|
5.3 |
MEDIUM
Network
|
-
|
-
|
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40898
|
2026-06-6 01:01 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2286
|
7.2 |
HIGH
Local
|
-
|
-
|
Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/arc…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-41567
|
2026-06-6 01:01 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2287
|
- |
|
-
|
-
|
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograp…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-48480
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2288
|
6.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-42538
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2289
|
7.6 |
HIGH
Network
|
-
|
-
|
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-edit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41518
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2290
|
- |
|
-
|
-
|
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql…
|
CWE-285
Improper Authorization
|
CVE-2026-41522
|
2026-06-6 01:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
