|
591
|
- |
|
-
|
-
|
Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-13150
|
2026-06-26 04:58 |
2026-06-24 |
|
|
|
|
592
|
- |
|
-
|
-
|
Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redire…
New
|
CWE-601
Open Redirect
|
CVE-2026-13163
|
2026-06-26 04:58 |
2026-06-24 |
|
|
|
|
593
|
- |
|
-
|
-
|
Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker …
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-13164
|
2026-06-26 04:58 |
2026-06-25 |
|
|
|
|
594
|
7.7 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-33235
|
2026-06-26 04:58 |
2026-06-25 |
|
|
|
|
595
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. D…
New
|
CWE-288, CWE-306
Authentication Bypass Using an Alternate Path or Channel; Missing Authentication for Critical Function
|
CVE-2026-33543
|
2026-06-26 04:58 |
2026-06-25 |
|
|
|
|
596
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the serv…
New
|
CWE-22
Path Traversal
|
CVE-2026-55439
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|
|
597
|
7.8 |
HIGH
Local
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly fr…
New
|
CWE-78
OS Command
|
CVE-2026-46606
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|
|
598
|
7.8 |
HIGH
Local
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible pa…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-46607
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|
|
599
|
7.4 |
HIGH
Network
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation fo…
New
|
CWE-183, CWE-942
Permissive List of Allowed Inputs; Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-46608
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|
|
600
|
7.5 |
HIGH
Network
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from…
New
|
CWE-22, CWE-59
Path Traversal; Link Following
|
CVE-2026-54094
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|