|
2241
|
- |
|
-
|
-
|
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerabilit…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-50170
|
2026-06-24 02:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2242
|
6.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-56406
|
2026-06-24 01:29 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2243
|
6.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-56407
|
2026-06-24 01:28 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2244
|
6.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 has an integer overflow in copyString.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-56408
|
2026-06-24 01:27 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2245
|
6.5 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-56409
|
2026-06-24 01:21 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2246
|
6.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-56410
|
2026-06-24 01:18 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2247
|
7.4 |
HIGH
Local
|
-
|
-
|
pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-56815
|
2026-06-24 01:17 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2248
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simple…
|
CWE-611
XXE
|
CVE-2026-56701
|
2026-06-24 01:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2249
|
7.2 |
HIGH
Network
|
misp-project
|
misp
|
MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated…
|
CWE-94
Code Injection
|
CVE-2026-56446
|
2026-06-24 01:17 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2250
|
7.5 |
HIGH
Network
|
-
|
-
|
Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and deter…
|
CWE-200
Information Exposure
|
CVE-2026-56323
|
2026-06-24 01:17 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|