|
21
|
- |
|
-
|
-
|
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0…
New
|
CWE-284, CWE-288
Improper Access Control; Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-47200
|
2026-06-13 13:17 |
2026-06-12 |
|
|
|
|
22
|
- |
|
-
|
-
|
Quest Bot is an open-source Discord bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as lon…
New
|
CWE-862
Missing Authorization
|
CVE-2026-47197
|
2026-06-13 13:17 |
2026-06-12 |
|
|
|
|
23
|
- |
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, …
New
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-47141
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
24
|
10.0 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto_…
New
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-47131
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
25
|
7.7 |
HIGH
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role=…
New
|
CWE-863, CWE-918
Incorrect Authorization; Server-Side Request Forgery (SSRF)
|
CVE-2026-46717
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
26
|
8.1 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived …
New
|
CWE-20, CWE-640
Improper Input Validation; Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-45013
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
27
|
6.5 |
MEDIUM
Local
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create co…
New
|
CWE-78
OS Command
|
CVE-2026-42853
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
28
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4. The plugin hooks WordPress's `posts_request` f…
New
|
CWE-89
SQL Injection
|
CVE-2026-9848
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
29
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and w…
New
|
CWE-74
Injection
|
CVE-2026-54231
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
30
|
7.0 |
HIGH
Local
|
-
|
-
|
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the t…
New
|
CWE-59
Link Following
|
CVE-2026-54230
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|