|
3321
|
8.8 |
HIGH
Network
|
bentoml
|
bentoml
|
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n…
|
CWE-78
CWE-94
OS Command
Code Injection
|
CVE-2026-44346
|
2026-06-2 22:48 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3322
|
7.5 |
HIGH
Network
|
botan_project
|
botan
|
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such …
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-44378
|
2026-06-2 22:42 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3323
|
7.2 |
HIGH
Network
|
tp-link
|
archer_be450_firmware
archer_be7200_firmware
|
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interf…
|
CWE-20
CWE-77
Improper Input Validation
Command Injection
|
CVE-2026-5509
|
2026-06-2 22:40 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3324
|
8.8 |
HIGH
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
|
CWE-88
Argument Injection
|
CVE-2026-49373
|
2026-06-2 22:13 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3325
|
7.6 |
HIGH
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
|
CWE-862
Missing Authorization
|
CVE-2026-49374
|
2026-06-2 22:12 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3326
|
6.1 |
MEDIUM
Network
|
jetbrains
|
teamcity
|
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
|
CWE-79
Cross-site Scripting
|
CVE-2026-49375
|
2026-06-2 22:11 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3327
|
5.0 |
MEDIUM
Network
|
-
|
-
|
The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the attacke…
|
CWE-352
Origin Validation Error
|
CVE-2026-49433
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3328
|
- |
|
-
|
-
|
Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures lead…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2021-46747
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3329
|
8.4 |
HIGH
Local
|
-
|
-
|
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. U…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2025-48595
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3330
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10276
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
