| 551 | 7.8 | HIGH, Local | - | - | rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treat… | New | CWE-863 Incorrect Authorization | CVE-2026-54555 | 2026-06-26 05:18 | 2026-06-24 |
| 552 | 9.6 | CRITICAL, Network | - | - | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for buildin… | New | CWE-20 Improper Input Validation; CWE-601 Open Redirect | CVE-2026-54588 | 2026-06-26 05:18 | 2026-06-24 |
| 553 | 6.9 | MEDIUM, Network | - | - | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-cont… | New | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2026-47693 | 2026-06-26 05:18 | 2026-06-24 |
| 554 | 8.8 | HIGH, Local | - | - | Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impacted users have: direct usage of `… | New | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-54639 | 2026-06-26 05:18 | 2026-06-24 |
| 555 | - | | - | - | OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT dat… | New | CWE-120 Classic Buffer Overflow | CVE-2026-42450 | 2026-06-26 05:18 | 2026-06-24 |
| 556 | - | | - | - | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. Whe… | New | CWE-400 Uncontrolled Resource Consumption; CWE-407 Inefficient Algorithmic Complexity; CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-49851 | 2026-06-26 05:18 | 2026-06-25 |
| 557 | - | | - | - | SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers wit… | New | CWE-22 Path Traversal | CVE-2026-54917 | 2026-06-26 05:17 | 2026-06-26 |
| 558 | 5.4 | MEDIUM, Network | - | - | Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on … | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-53946 | 2026-06-26 05:17 | 2026-06-25 |
| 559 | - | | - | - | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rend… | New | CWE-79 Cross-site Scripting | CVE-2026-53929 | 2026-06-26 05:17 | 2026-06-24 |
| 560 | - | | - | - | SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures … | New | CWE-331 Insufficient Entropy | CVE-2026-4930 | 2026-06-26 05:17 | 2026-06-26 |