| 531 | 5.4 | MEDIUM Network | - | - | Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authentica… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-56774 | 2026-06-26 07:17 | 2026-06-26 |
| 532 | 7.5 | HIGH Network | - | - | Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with… | New | CWE-494 Download of Code Without Integrity Check | CVE-2021-47987 | 2026-06-26 07:16 | 2026-06-26 |
| 533 | 8.8 | HIGH Network | - | - | Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth … | New | CWE-862 Missing Authorization | CVE-2026-56767 | 2026-06-26 06:16 | 2026-06-26 |
| 534 | - | | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions,… | New | CWE-80 Basic XSS | CVE-2026-52816 | 2026-06-26 06:16 | 2026-06-25 |
| 535 | 3.5 | LOW Network | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, … | New | CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine | CVE-2026-52796 | 2026-06-26 06:16 | 2026-06-25 |
| 536 | 4.9 | MEDIUM Network | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the … | New | CWE-20 Improper Input Validation | CVE-2025-64719 | 2026-06-26 06:16 | 2026-06-25 |
| 537 | 7.1 | HIGH Network | - | - | Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by expl… | New | CWE-862 Missing Authorization | CVE-2026-57520 | 2026-06-26 05:22 | 2026-06-26 |
| 538 | 5.5 | MEDIUM Local | - | - | Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit | New | CWE-88 Argument Injection | CVE-2026-11968 | 2026-06-26 05:21 | 2026-06-24 |
| 539 | 8.0 | HIGH Network | - | - | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an arbitrary file write vulnerability, w… | New | CWE-59 Link Following | CVE-2026-23879 | 2026-06-26 05:21 | 2026-06-25 |
| 540 | 7.2 | HIGH Network | - | - | 3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by … | New | CWE-73 External Control of File Name or Path | CVE-2026-55477 | 2026-06-26 05:21 | 2026-06-26 |