| 461 | 9.8 | CRITICAL, Network | cacti | cacti | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER… | New | CWE-89 SQL Injection | CVE-2026-39948 | 2026-06-26 14:16 | 2026-06-25 |
| 462 | 9.8 | CRITICAL, Network | cacti | cacti | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been… | New | CWE-22 Path Traversal; CWE-78 OS Command | CVE-2026-39938 | 2026-06-26 14:16 | 2026-06-25 |
| 463 | 9.8 | CRITICAL, Network | cacti | cacti | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpo… | New | CWE-89 SQL Injection | CVE-2026-39893 | 2026-06-26 14:16 | 2026-06-25 |
| 464 | 7.8 | HIGH, Local | vim | vim | Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte … | New | CWE-787 Out-of-bounds Write | CVE-2026-57455 | 2026-06-26 13:23 | 2026-06-26 |
| 465 | 6.1 | MEDIUM, Local | vim | vim | Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property … | New | CWE-125 Out-of-bounds Read | CVE-2026-57454 | 2026-06-26 13:22 | 2026-06-26 |
| 466 | 8.5 | HIGH, Network | - | - | NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make arbitrary server requests to internal networks by f… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-56771 | 2026-06-26 13:17 | 2026-06-26 |
| 467 | 8.2 | HIGH, Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holdin… | New | CWE-22 Path Traversal; CWE-59 Link Following | CVE-2026-55667 | 2026-06-26 13:17 | 2026-06-26 |
| 468 | - | | - | - | Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename withou… | New | CWE-22 Path Traversal | CVE-2026-55092 | 2026-06-26 13:17 | 2026-06-26 |
| 469 | 6.5 | MEDIUM, Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arb… | New | CWE-400 Uncontrolled Resource Consumption; CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-54092 | 2026-06-26 13:17 | 2026-06-26 |
| 470 | - | | - | - | pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile do… | New | CWE-353 Missing Support for Integrity Check | CVE-2026-48995 | 2026-06-26 13:17 | 2026-06-26 |