|
711
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-45465
|
2026-06-11 05:26 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
712
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malic…
New
|
CWE-78
OS Command
|
CVE-2026-6893
|
2026-06-11 05:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
713
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45106
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
714
|
- |
|
-
|
-
|
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet opt…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46683
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
715
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, o…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-50127
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
716
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted …
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-10740
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
717
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by ne…
New
|
CWE-93
CRLF Injection
|
CVE-2026-50639
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
718
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability al…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36818
|
2026-06-11 05:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
719
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36817
|
2026-06-11 05:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
720
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability a…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36816
|
2026-06-11 05:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
