|
71
|
8.1 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived …
New
|
CWE-20
CWE-640
Improper Input Validation
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-45013
|
2026-06-13 13:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
6.5 |
MEDIUM
Local
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create co…
New
|
CWE-78
OS Command
|
CVE-2026-42853
|
2026-06-13 13:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4 The plugin hooks WordPress's `posts_request` f…
New
|
CWE-89
SQL Injection
|
CVE-2026-9848
|
2026-06-13 12:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and w…
New
|
CWE-74
Injection
|
CVE-2026-54231
|
2026-06-13 12:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
7.0 |
HIGH
Local
|
-
|
-
|
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the t…
New
|
CWE-59
Link Following
|
CVE-2026-54230
|
2026-06-13 12:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
7.0 |
HIGH
Local
|
-
|
-
|
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files …
New
|
CWE-362
Race Condition
|
CVE-2026-54229
|
2026-06-13 12:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
7.8 |
HIGH
Local
|
-
|
-
|
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can c…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-54228
|
2026-06-13 12:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban an…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47188
|
2026-06-13 12:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies w…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47175
|
2026-06-13 12:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
- |
|
-
|
-
|
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untru…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44705
|
2026-06-13 12:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
