| 661 | 7.5 | HIGH | Network | ibm | datacap datacap_navigator | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys … | CWE-316 Cleartext Storage of Sensitive Information in Memory | CVE-2026-8636 | 2026-06-27 06:20 | 2026-06-23 |
| 662 | 5.3 | MEDIUM | Network | ibm | datacap datacap_navigator | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, … | CWE-425 Direct Request ('Forced Browsing') | CVE-2026-9610 | 2026-06-27 06:19 | 2026-06-23 |
| 663 | 8.8 | HIGH | Network | misp-project | misp | The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees pro… | CWE-384 Session Fixation | CVE-2026-56425 | 2026-06-27 05:33 | 2026-06-22 |
| 664 | 7.5 | HIGH | Network | vllm | vllm | vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can subm… | CWE-20 Improper Input Validation; NVD-CWE-noinfo | CVE-2026-56340 | 2026-06-27 05:29 | 2026-06-21 |
| 665 | 7.5 | HIGH | Network | vllm | vllm | vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the Ope… | CWE-1333 Inefficient Regular Expression Complexity | CVE-2025-71379 | 2026-06-27 05:25 | 2026-06-21 |
| 666 | 7.5 | HIGH | Network | - | - | Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with… | CWE-494 Download of Code Without Integrity Check | CVE-2021-47987 | 2026-06-27 05:22 | 2026-06-26 |
| 667 | 5.4 | MEDIUM | Network | ibm | engineering_workflow_management | IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to … | CWE-79 Cross-site Scripting | CVE-2025-33128 | 2026-06-27 05:20 | 2026-06-22 |
| 668 | 5.0 | MEDIUM | Network | jenkins | git_client | Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name… | CWE-78 OS Command | CVE-2026-57282 | 2026-06-27 05:20 | 2026-06-24 |
| 669 | 5.9 | MEDIUM | Network | - | - | Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: * on every res… | CWE-749 Exposed Dangerous Method or Function; CWE-942 Permissive Cross-domain Policy with Untrusted Domains | CVE-2026-54753 | 2026-06-27 05:20 | 2026-06-27 |
| 670 | 7.5 | HIGH | Network | - | - | OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field vi… | CWE-200 Information Exposure; CWE-862 Missing Authorization | CVE-2026-47193 | 2026-06-27 05:20 | 2026-06-27 |