|
2591
|
- |
|
-
|
-
|
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations.
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-22055
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2592
|
- |
|
-
|
-
|
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receivi…
|
CWE-862
Missing Authorization
|
CVE-2026-4881
|
2026-06-5 00:48 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2593
|
7.5 |
HIGH
Network
|
-
|
-
|
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportio…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-42342
|
2026-06-5 00:43 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2594
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies.
When Tesla.Middleware.…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-48594
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2595
|
- |
|
-
|
-
|
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects.
Tesla.Middleware.FollowRedirects strips securit…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-48595
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2596
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_par…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-48596
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2597
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint.
Tesla.Adapter.Mint.open_conn/2 conv…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48597
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2598
|
- |
|
-
|
-
|
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values.
Tesla.Multipart.part_headers_fo…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-48598
|
2026-06-5 00:42 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2599
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /receipt.php. Such manipulation of the ar…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10811
|
2026-06-5 00:41 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2600
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7.
|
CWE-79
Cross-site Scripting
|
CVE-2026-40108
|
2026-06-5 00:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
