|
941
|
- |
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not veri…
|
CWE-862
Missing Authorization
|
CVE-2026-45677
|
2026-06-25 23:19 |
2026-06-25 |
|
|
|
|
942
|
8.5 |
HIGH
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.0, as an authorized user, an intruder can dictate the value which is passed to the git diff command which, together with bypassing the fi…
|
CWE-22
Path Traversal
|
CVE-2026-52797
|
2026-06-25 23:19 |
2026-06-25 |
|
|
|
|
943
|
7.5 |
HIGH
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated …
|
CWE-639, CWE-862
Authorization Bypass Through User-Controlled Key; Missing Authorization
|
CVE-2026-52799
|
2026-06-25 23:19 |
2026-06-25 |
|
|
|
|
944
|
8.1 |
HIGH
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs Mirror Settings functionality provides an alternative way from the well-protected New Migration functionality for any authenti…
|
CWE-20
Improper Input Validation
|
CVE-2026-52801
|
2026-06-25 23:19 |
2026-06-25 |
|
|
|
|
945
|
- |
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service (DoS) attack. The application accept…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-52814
|
2026-06-25 23:19 |
2026-06-25 |
|
|
|
|
946
|
8.1 |
HIGH
Network
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, the POST /api/v1/fingerprint REST endpoint enforces …
|
CWE-862
Missing Authorization
|
CVE-2026-55762
|
2026-06-25 23:19 |
2026-06-25 |
|
|
|
|
947
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9620
|
2026-06-25 23:16 |
2026-06-24 |
|
|
|
|
948
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to and including 1.8. This is due to …
|
CWE-89
SQL Injection
|
CVE-2026-9179
|
2026-06-25 23:16 |
2026-06-24 |
|
|
|
|
949
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and including, 1.1.6. This is due…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8865
|
2026-06-25 23:16 |
2026-06-24 |
|
|
|
|
950
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonc…
|
CWE-862
Missing Authorization
|
CVE-2026-8617
|
2026-06-25 23:16 |
2026-06-24 |
|
|
|