|
3401
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-45631
|
2026-06-2 02:17 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3402
|
8.1 |
HIGH
Network
|
apache
|
apache-airflow-providers-google
|
Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attac…
|
CWE-322
Key Exchange without Entity Authentication
|
CVE-2026-45361
|
2026-06-2 02:17 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3403
|
7.7 |
HIGH
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network pro…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44285
|
2026-06-2 02:17 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3404
|
6.1 |
MEDIUM
Network
|
-
|
-
|
SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php.
|
CWE-79
Cross-site Scripting
|
CVE-2026-36324
|
2026-06-2 02:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3405
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the arg…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-10190
|
2026-06-2 02:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3406
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads …
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-10154
|
2026-06-2 02:16 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3407
|
3.8 |
LOW
Network
|
tfa_basic_plugins_project
|
tfa_basic_plugins
|
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.
This issue affects TFA Basic Plugins…
|
CWE-267
Privilege Defined With Unsafe Actions
|
CVE-2026-6816
|
2026-06-2 02:15 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3408
|
8.8 |
HIGH
Network
|
apache
|
activemq
|
Incorrect Default Permissions vulnerability in Apache ActiveMQ.
This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.
The default Jolokia authorization settings granted non-ad…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-49157
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3409
|
5.9 |
MEDIUM
Network
|
apache
|
activemq
activemq_broker
|
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.
Brokers that are configured with a network connector with syncDurabl…
|
CWE-1230
Exposure of Sensitive Information Through Metadata
|
CVE-2026-49270
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3410
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
Non-parenthesized discovery wrapp…
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-45505
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
