|
471
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leav…
New
|
CWE-346 CWE-350
Origin Validation Error; Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-46611
|
2026-06-26 13:17 |
2026-06-26 |
|
|
|
|
|
472
|
5.5 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whos…
New
|
CWE-125 CWE-191
Out-of-bounds Read; Integer Underflow (Wrap or Wraparound)
|
CVE-2026-57452
|
2026-06-26 13:12 |
2026-06-26 |
|
|
|
|
|
473
|
6.1 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-57451
|
2026-06-26 13:11 |
2026-06-26 |
|
|
|
|
|
474
|
6.6 |
MEDIUM
Local
|
nokogiri
|
nokogiri
|
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in pl…
New
|
CWE-416
Use After Free
|
CVE-2026-57438
|
2026-06-26 13:11 |
2026-06-26 |
|
|
|
|
|
475
|
5.5 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefi…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-55892
|
2026-06-26 12:53 |
2026-06-26 |
|
|
|
|
|
476
|
8.8 |
HIGH
Network
|
angular
|
angular_language_service
|
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom T…
New
|
CWE-79 CWE-94 CWE-427 CWE-494
Cross-site Scripting; Code Injection; Uncontrolled Search Path Element; Download of Code Without Integrity Check
|
CVE-2026-49241
|
2026-06-26 12:47 |
2026-06-23 |
|
|
|
|
|
477
|
8.8 |
HIGH
Network
|
angular
|
angular_language_service
|
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. The client-side Angular Language Service VS Code extension configures the tooltip Markdown ren…
New
|
CWE-79 CWE-94
Cross-site Scripting; Code Injection
|
CVE-2026-50178
|
2026-06-26 11:57 |
2026-06-23 |
|
|
|
|
|
478
|
5.4 |
MEDIUM
Network
|
coturn_project
|
coturn
|
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker w…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-43915
|
2026-06-26 11:35 |
2026-06-19 |
|
|
|
|
|
479
|
6.5 |
MEDIUM
Network
|
libssh2
|
libssh2
|
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2025-15661
|
2026-06-26 11:35 |
2026-06-19 |
|
|
|
|
|
480
|
9.8 |
CRITICAL
Network
|
coturn_project
|
coturn
|
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an atta…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-43994
|
2026-06-26 11:30 |
2026-06-19 |
|
|
|
|