|
2781
|
7.7 |
HIGH
Network
|
-
|
-
|
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does no…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47684
|
2026-06-17 00:46 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2782
|
8.2 |
HIGH
Network
|
-
|
-
|
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and ga…
|
CWE-287
Improper Authentication
|
CVE-2026-48780
|
2026-06-17 00:46 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2783
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Versions prior to 2.6.6 are vulnerable to prototype pollution via crafted missing-key strings when used to persist missing translation keys (e.g. via i18next-http-middleware's missingKeyHandler expos…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-48713
|
2026-06-17 00:46 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2784
|
9.1 |
CRITICAL
Network
|
-
|
-
|
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-48714
|
2026-06-17 00:46 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2785
|
7.1 |
HIGH
Local
|
-
|
-
|
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolat…
|
CWE-22
Path Traversal
|
CVE-2026-3840
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2786
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting clie…
|
CWE-415
Double Free
|
CVE-2026-12043
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2787
|
7.5 |
HIGH
Network
|
-
|
-
|
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into…
|
CWE-93
CRLF Injection
|
CVE-2026-12143
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2788
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-4870
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2789
|
- |
|
-
|
-
|
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.
### S…
|
CWE-22
Path Traversal
|
CVE-2026-11769
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2790
|
- |
|
-
|
-
|
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users ha…
|
CWE-346
Origin Validation Error
|
CVE-2026-11624
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|