| 151 | - | | - | - | A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted… | New | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-54360 | 2026-06-13 05:16 | 2026-06-13 |
| 152 | - | | - | - | MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJA… | New | CWE-352, CWE-1188: Origin Validation Error; Insecure Default Initialization of Resource | CVE-2026-54359 | 2026-06-13 05:16 | 2026-06-13 |
| 153 | - | | - | - | An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functio… | New | CWE-863: Incorrect Authorization | CVE-2026-54358 | 2026-06-13 05:16 | 2026-06-13 |
| 154 | - | | - | - | An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organiza… | New | CWE-639, CWE-863: Authorization Bypass Through User-Controlled Key; Incorrect Authorization | CVE-2026-54357 | 2026-06-13 05:16 | 2026-06-13 |
| 155 | 5.0 | MEDIUM, Local | - | - | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the… | New | CWE-59, CWE-367, CWE-426: Link Following; Time-of-check Time-of-use (TOCTOU) Race Condition; Untrusted Search Path | CVE-2026-54055 | 2026-06-13 05:16 | 2026-06-13 |
| 156 | 6.3 | MEDIUM, Network | - | - | Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/… | New | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-50552 | 2026-06-13 05:16 | 2026-06-13 |
| 157 | - | | - | - | AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode,… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-50287 | 2026-06-13 05:16 | 2026-06-13 |
| 158 | - | | - | - | Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue. | New | CWE-22: Path Traversal | CVE-2026-43872 | 2026-06-13 05:16 | 2026-06-13 |
| 159 | - | | - | - | Actual is an open-source personal finance application. In the macOS desktop application version 25.x (built on Electron 39.2.7), the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker wh… | New | CWE-94: Code Injection | CVE-2026-42890 | 2026-06-13 05:16 | 2026-06-13 |
| 160 | 7.8 | HIGH, Local | - | - | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an e… | New | CWE-94, CWE-862: Code Injection; Missing Authorization | CVE-2026-42851 | 2026-06-13 05:16 | 2026-06-13 |