|
81
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files…
New
|
CWE-459
Incomplete Cleanup
|
CVE-2026-5038
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
- |
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input wi…
New
|
CWE-94
CWE-150
Code Injection
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-54057
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_p…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-53521
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-50552
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
7.3 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can co…
New
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-45011
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
7.8 |
HIGH
Local
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an e…
New
|
CWE-94
CWE-862
Code Injection
Missing Authorization
|
CVE-2026-42851
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible b…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41157
|
2026-06-16 01:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in h…
New
|
CWE-285
CWE-939
Improper Authorization
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-12189
|
2026-06-16 01:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list nod…
New
|
CWE-416
Use After Free
|
CVE-2026-10634
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-15659
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
