|
501
|
- |
|
-
|
-
|
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an att…
|
CWE-77
CWE-88
CWE-829
Command Injection
Argument Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-46529
|
2026-06-12 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
7.0 |
HIGH
Network
|
-
|
-
|
Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerab…
|
CWE-94
CWE-1321
Code Injection
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44495
|
2026-06-12 23:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
7.5 |
HIGH
Network
|
vmware
|
spring_for_graphql
|
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are …
|
CWE-284
Improper Access Control
|
CVE-2026-41856
|
2026-06-12 23:14 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
8.1 |
HIGH
Network
|
vmware
|
spring_for_graphql
|
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page,…
|
CWE-346
Origin Validation Error
|
CVE-2026-41700
|
2026-06-12 23:13 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
7.5 |
HIGH
Network
|
sqlfluff
|
sqlfluff
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be l…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-46373
|
2026-06-12 23:10 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
7.5 |
HIGH
Network
|
sqlfluff
|
sqlfluff
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be l…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-46374
|
2026-06-12 23:01 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
7.5 |
HIGH
Network
|
pipecat
|
pipecat
|
Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pip…
|
CWE-22
Path Traversal
|
CVE-2026-44716
|
2026-06-12 23:00 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
508
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-22899
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
509
|
6.5 |
MEDIUM
Network
|
qnap
|
file_station
|
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-24720
|
2026-06-12 22:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
510
|
4.4 |
MEDIUM
Local
|
qnap
|
license_center
|
A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect…
|
CWE-22
Path Traversal
|
CVE-2025-62851
|
2026-06-12 22:47 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
