|
661
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browse…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44205
|
2026-06-13 00:56 |
2026-06-13 |
|
|
|
|
662
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-47739
|
2026-06-13 00:56 |
2026-06-13 |
|
|
|
|
663
|
8.7 |
HIGH
Network
|
-
|
-
|
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects WEOLL: …
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6211
|
2026-06-13 00:51 |
2026-06-13 |
|
|
|
|
664
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass.
This issue …
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-6853
|
2026-06-13 00:51 |
2026-06-13 |
|
|
|
|
665
|
6.5 |
MEDIUM
Network
|
apache
|
apache-airflow-providers-samba
|
The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path …
Update
|
CWE-22
Path Traversal
|
CVE-2026-49818
|
2026-06-13 00:51 |
2026-06-09 |
|
|
|
|
666
|
9.8 |
CRITICAL
Network
|
qnap
|
qumagie
|
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges.
We have …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44083
|
2026-06-13 00:47 |
2026-06-09 |
|
|
|
|
667
|
6.5 |
MEDIUM
Network
|
qnap
|
qts quts_hero
|
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to mod…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2025-62858
|
2026-06-13 00:44 |
2026-06-09 |
|
|
|
|
668
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Update
|
CWE-502 CWE-79
Deserialization of Untrusted Data Cross-site Scripting
|
CVE-2026-48560
|
2026-06-13 00:41 |
2026-06-10 |
|
|
|
|
669
|
4.6 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-48562
|
2026-06-13 00:38 |
2026-06-10 |
|
|
|
|
670
|
6.1 |
MEDIUM
Network
|
qnap
|
qts quts_hero
|
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41539
|
2026-06-13 00:37 |
2026-06-09 |
|
|
|