| 31 | 8.7 | HIGH, Network | - | - | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the `@apostrophecms/seo` package inject the Google Analytics Tracking ID (`seoGoogleTrackingI… | New | CWE-79 Cross-site Scripting | CVE-2026-53608 | 2026-06-16 03:16 | 2026-06-13 |
| 32 | 5.3 | MEDIUM, Network | - | - | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumer… | New | CWE-200 Information Exposure; CWE-285 Improper Authorization; CWE-863 Incorrect Authorization | CVE-2026-49397 | 2026-06-16 03:16 | 2026-06-13 |
| 33 | 6.1 | MEDIUM, Network | - | - | Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting (XSS) due to improper n… | New | CWE-79 Cross-site Scripting | CVE-2026-49294 | 2026-06-16 03:16 | 2026-06-16 |
| 34 | 7.5 | HIGH, Network | - | - | Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection co… | New | CWE-345 Insufficient Verification of Data Authenticity; CWE-863 Incorrect Authorization | CVE-2026-47777 | 2026-06-16 03:16 | 2026-06-16 |
| 35 | 7.1 | HIGH, Network | - | - | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule… | New | CWE-862 Missing Authorization; CWE-863 Incorrect Authorization | CVE-2026-47120 | 2026-06-16 03:16 | 2026-06-13 |
| 36 | 6.5 | MEDIUM, Network | - | - | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an a… | New | CWE-22 Path Traversal | CVE-2026-20262 | 2026-06-16 03:16 | 2026-06-16 |
| 37 | 9.8 | CRITICAL, Network | - | - | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Image::_make_filehandle opens a filename argument wit… | New | CWE-73 External Control of File Name or Path; CWE-78 OS Command | CVE-2026-11526 | 2026-06-16 03:16 | 2026-06-14 |
| 38 | 7.5 | HIGH, Network | openssl | openssl | Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a … | Update | CWE-476 NULL Pointer Dereference | CVE-2026-42765 | 2026-06-16 03:14 | 2026-06-10 |
| 39 | 7.5 | HIGH, Network | openssl | openssl | Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platfo… | Update | CWE-125 Out-of-bounds Read | CVE-2026-34180 | 2026-06-16 03:13 | 2026-06-10 |
| 40 | 7.4 | HIGH, Network | openssl | openssl | Issue Summary: The PKCS#12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism allowing a certifi… | Update | CWE-354 Improper Validation of Integrity Check Value | CVE-2026-34181 | 2026-06-16 03:13 | 2026-06-10 |