|
271
|
9.0 |
CRITICAL
Network
|
termix
|
termix
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Brok…
Update
|
CWE-284
CWE-639
Improper Access Control
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45746
|
2026-06-9 00:00 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul…
New
|
CWE-22
CWE-269
Path Traversal
Improper Privilege Management
|
CVE-2026-11423
|
2026-06-9 00:00 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
- |
|
-
|
-
|
A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t…
New
|
CWE-200
CWE-918
Information Exposure
Server-Side Request Forgery (SSRF)
|
CVE-2026-11424
|
2026-06-9 00:00 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that us…
New
|
CWE-22
CWE-94
Path Traversal
Code Injection
|
CVE-2026-11429
|
2026-06-9 00:00 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas…
New
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-11431
|
2026-06-9 00:00 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
- |
|
-
|
-
|
Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing a…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-7765
|
2026-06-9 00:00 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
- |
|
-
|
-
|
Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validati…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8833
|
2026-06-9 00:00 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
8.1 |
HIGH
Network
|
termix
|
termix
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix pr…
Update
|
CWE-308
Use of Single-factor Authentication
|
CVE-2026-45749
|
2026-06-8 23:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47982
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47983
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
