|
3781
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.
This issue affects myCred: from n/a through 3.0.4.
|
CWE-79
Cross-site Scripting
|
CVE-2026-42676
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3782
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP Document Revisions: from n/a be…
|
CWE-862
Missing Authorization
|
CVE-2026-42677
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3783
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS.
This issue affects GiveWP: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42678
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3784
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal.
This issue affects Classified Listing: from n…
|
CWE-22
Path Traversal
|
CVE-2026-42679
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3785
|
6.5 |
MEDIUM
Network
|
rust-lang
|
cargo
|
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary na…
|
CWE-647
Use of Non-Canonical URL Paths for Authorization Decisions
|
CVE-2026-5222
|
2026-06-2 02:56 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3786
|
7.8 |
HIGH
Local
|
mediatek
|
mt6739_firmware
mt6761_firmware
mt6765_firmware
mt6768_firmware
mt6781_firmware
mt6789_firmware
mt6835_firmware
mt6853_firmware
mt6855_firmware
mt6877_firmware
mt6878_fi…
|
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20455
|
2026-06-2 02:56 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3787
|
5.5 |
MEDIUM
Local
|
mediatek
|
mt7902_firmware
mt7920_firmware
mt7921_firmware
mt7922_firmware
mt7925_firmware
mt7927_firmware
|
In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed fo…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20456
|
2026-06-2 02:54 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3788
|
9.8 |
CRITICAL
Network
|
redhat
samba
|
openshift_container_platform
samba
enterprise_linux
|
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution charac…
|
CWE-78
OS Command
|
CVE-2026-4480
|
2026-06-2 02:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3789
|
5.3 |
MEDIUM
Network
|
rust-lang
|
cargo
|
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-5223
|
2026-06-2 02:52 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3790
|
7.4 |
HIGH
Network
|
pyjwt_project
|
pyjwt
|
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate…
|
CWE-287
CWE-347
Improper Authentication
Improper Verification of Cryptographic Signature
|
CVE-2026-48526
|
2026-06-2 02:45 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
