|
3821
|
8.2 |
HIGH
Network
|
-
|
-
|
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli…
|
CWE-22
Path Traversal
|
CVE-2026-43624
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3822
|
5.9 |
MEDIUM
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-43625
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3823
|
7.1 |
HIGH
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora…
|
CWE-377
Insecure Temporary File
|
CVE-2026-49134
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3824
|
7.1 |
HIGH
Local
|
-
|
-
|
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl…
|
CWE-59
CWE-377
Link Following
Insecure Temporary File
|
CVE-2026-49135
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3825
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49138
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3826
|
- |
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49139
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3827
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth b…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-49140
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3828
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers ca…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25427
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3829
|
8.2 |
HIGH
Network
|
-
|
-
|
Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers…
|
CWE-89
SQL Injection
|
CVE-2018-25428
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3830
|
7.1 |
HIGH
Network
|
-
|
-
|
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can…
|
CWE-89
SQL Injection
|
CVE-2018-25429
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
