|
2621
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a …
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9977
|
2026-06-2 03:26 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2622
|
7.5 |
HIGH
Network
|
-
|
-
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pr…
|
CWE-248
Uncaught Exception
|
CVE-2026-43988
|
2026-06-2 03:26 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2623
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45081
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2624
|
7.5 |
HIGH
Network
|
-
|
-
|
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45047
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2625
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-45046
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2626
|
8.7 |
HIGH
Network
|
-
|
-
|
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execut…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42197
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2627
|
3.1 |
LOW
Network
|
apache
|
airflow
|
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against …
|
CWE-863
Incorrect Authorization
|
CVE-2026-45426
|
2026-06-2 03:25 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2628
|
7.5 |
HIGH
Network
|
apache
|
fluss
|
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-49361
|
2026-06-2 03:24 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2629
|
8.0 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval but…
|
CWE-862
Missing Authorization
|
CVE-2026-35630
|
2026-06-2 03:23 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2630
|
8.2 |
HIGH
Network
|
-
|
-
|
GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44971
|
2026-06-2 03:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
