| 2771 | 9.1 | CRITICAL Network | - | - | A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-50887 | 2026-06-17 00:50 | 2026-06-16 |
| 2772 | - | | - | - | Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET re… | - | CVE-2026-50892 | 2026-06-17 00:49 | 2026-06-16 |
| 2773 | 7.5 | HIGH Network | - | - | Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access c… | CWE-284 Improper Access Control | CVE-2026-47261 | 2026-06-17 00:49 | 2026-06-16 |
| 2774 | - | | - | - | Incorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafted request. | - | CVE-2026-50891 | 2026-06-17 00:49 | 2026-06-16 |
| 2775 | - | | - | - | Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without ded… | CWE-94 Code Injection; CWE-829 Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-48124 | 2026-06-17 00:49 | 2026-06-16 |
| 2776 | 4.3 | MEDIUM Network | - | - | MultiJuicer is used to run separate Juice Shop instances on a central Kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint (POST /multi-ju… | CWE-352 Origin Validation Error | CVE-2026-48518 | 2026-06-17 00:49 | 2026-06-16 |
| 2777 | 7.5 | HIGH Network | - | - | OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level va… | CWE-362 Race Condition; CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context | CVE-2026-48708 | 2026-06-17 00:49 | 2026-06-16 |
| 2778 | 3.7 | LOW Network | - | - | OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any auth… | CWE-862 Missing Authorization | CVE-2026-48709 | 2026-06-17 00:49 | 2026-06-16 |
| 2779 | 6.1 | MEDIUM Network | - | - | Slim is a PHP micro framework that enables users to write simple web applications and APIs. In versions 4.4.0 through 4.15, if an application uses HttpException::setTitle() and/or setDescription() to… | CWE-79 Cross-site Scripting | CVE-2026-48157 | 2026-06-17 00:49 | 2026-06-16 |
| 2780 | 7.8 | HIGH Local | - | - | The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file… | CWE-78 OS Command | CVE-2026-48723 | 2026-06-17 00:46 | 2026-06-16 |