|
4491
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie*
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34356
|
2026-06-10 01:17 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4492
|
8.8 |
HIGH
Network
|
dlink
|
dir-823g_firmware
|
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in…
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11492
|
2026-06-10 01:17 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4493
|
7.5 |
HIGH
Network
|
dlink
|
dgs-1100-08pd_firmware
|
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least …
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11555
|
2026-06-10 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4494
|
8.8 |
HIGH
Network
|
dlink
|
dcs-5615_firmware
|
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipul…
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11497
|
2026-06-10 01:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4495
|
- |
|
-
|
-
|
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user…
|
CWE-611
XXE
|
CVE-2026-8045
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4496
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection.
This issue affects CBS Pla…
|
CWE-89
SQL Injection
|
CVE-2026-8025
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4497
|
5.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-50589
|
2026-06-10 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4498
|
8.1 |
HIGH
Network
|
-
|
-
|
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider…
|
CWE-862
Missing Authorization
|
CVE-2026-49948
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4499
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el…
|
CWE-79
Cross-site Scripting
|
CVE-2026-46396
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4500
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46390
|
2026-06-10 01:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
