|
4481
|
7.5 |
HIGH
Network
|
-
|
-
|
Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attack…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-41850
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4482
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded c…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41851
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4483
|
8.1 |
HIGH
Network
|
-
|
-
|
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary cl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41855
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4484
|
7.1 |
HIGH
Local
|
-
|
-
|
A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S…
|
CWE-313
Cleartext Storage in a File or on Disk
|
CVE-2026-24349
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4485
|
6.1 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-40808
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4486
|
4.7 |
MEDIUM
Local
|
-
|
-
|
A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbi…
|
CWE-22
Path Traversal
|
CVE-2026-52902
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4487
|
- |
|
-
|
-
|
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content…
|
CWE-79
CWE-436
Cross-site Scripting
Interpretation Conflict
|
CVE-2026-47344
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4488
|
- |
|
-
|
-
|
Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
|
CWE-79
Cross-site Scripting
|
CVE-2026-47345
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4489
|
- |
|
-
|
-
|
Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously cra…
|
CWE-862
Missing Authorization
|
CVE-2026-11607
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4490
|
- |
|
-
|
-
|
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization …
|
CWE-862
Missing Authorization
|
CVE-2026-47343
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
