|
761
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_I…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-48107
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
762
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-48108
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
763
|
- |
|
-
|
-
|
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-53901
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
764
|
- |
|
-
|
-
|
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53911
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
765
|
- |
|
-
|
-
|
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. Th…
New
|
CWE-200
Information Exposure
|
CVE-2026-53912
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
766
|
8.7 |
HIGH
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10087
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
767
|
4.3 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause den…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-10733
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
768
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1500
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
769
|
3.1 |
LOW
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authen…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-3553
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
770
|
- |
|
-
|
-
|
A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potent…
New
|
CWE-862
Missing Authorization
|
CVE-2026-4764
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
