|
3351
|
- |
|
-
|
-
|
This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-45433
|
2026-06-5 00:26 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3352
|
9.1 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environm…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-4035
|
2026-06-5 00:25 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3353
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use o…
|
CWE-346
Origin Validation Error
|
CVE-2026-6657
|
2026-06-5 00:25 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3354
|
- |
|
-
|
-
|
A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: ver…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-12694
|
2026-06-5 00:25 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3355
|
8.1 |
HIGH
Network
|
-
|
-
|
HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site v…
|
CWE-1027
|
CVE-2025-59874
|
2026-06-5 00:25 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3356
|
- |
|
-
|
-
|
An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item.
This issue affects glpi: before 11.0.7.
|
CWE-79
Cross-site Scripting
|
CVE-2026-5385
|
2026-06-5 00:23 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3357
|
- |
|
-
|
-
|
An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields of an Item and trigger unescaped rendering in the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-42839
|
2026-06-5 00:23 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3358
|
- |
|
-
|
-
|
An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering in the Point of Sale (POS) interface for every ope…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42840
|
2026-06-5 00:23 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3359
|
- |
|
-
|
-
|
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-8936
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3360
|
5.3 |
MEDIUM
Network
|
-
|
-
|
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 (unlimited), an unauthenticated remote a…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44545
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
