|
361
|
- |
|
-
|
-
|
HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signatur…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6331
|
2026-06-26 23:17 |
2026-06-26 |
|
362
|
- |
|
-
|
-
|
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-57940
|
2026-06-26 23:17 |
2026-06-26 |
|
363
|
7.7 |
HIGH
Network
|
-
|
-
|
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.
New
|
CWE-551
|
CVE-2026-57920
|
2026-06-26 23:17 |
2026-06-26 |
|
364
|
3.5 |
LOW
Network
|
-
|
-
|
Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens(), which substitutes user-controlled values into event-integration templates wit…
New
|
CWE-74
Injection
|
CVE-2026-57522
|
2026-06-26 23:17 |
2026-06-26 |
|
365
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organization…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57521
|
2026-06-26 23:17 |
2026-06-26 |
|
366
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
New
|
CWE-22
Path Traversal
|
CVE-2026-56445
|
2026-06-26 23:17 |
2026-06-26 |
|
367
|
7.8 |
HIGH
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iterative…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-55693
|
2026-06-26 23:17 |
2026-06-26 |
|
368
|
7.3 |
HIGH
Network
|
-
|
-
|
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-54479
|
2026-06-26 23:17 |
2026-06-26 |
|
369
|
- |
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebr…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54097
|
2026-06-26 23:17 |
2026-06-26 |
|
370
|
7.5 |
HIGH
Network
|
-
|
-
|
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks o…
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-50176
|
2026-06-26 23:17 |
2026-06-26 |