| 491 | 4.8 | MEDIUM Network | adobe | experience_manager | Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to injec… | New | CWE-79 Cross-site Scripting | CVE-2026-34694 | 2026-06-12 02:17 | 2026-06-10 |
| 492 | 9.1 | CRITICAL Network | - | - | The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted… | New | - | CVE-2026-9648 | 2026-06-12 02:16 | 2026-06-12 |
| 493 | 8.1 | HIGH Network | - | - | Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized … | New | CWE-22 Path Traversal | CVE-2026-53777 | 2026-06-12 02:16 | 2026-06-12 |
| 494 | 8.2 | HIGH Network | - | - | tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, p… | New | CWE-20 Improper Input Validation; CWE-22 Path Traversal | CVE-2026-49982 | 2026-06-12 02:16 | 2026-06-12 |
| 495 | 7.5 | HIGH Network | - | - | Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and by… | New | CWE-20 Improper Input Validation | CVE-2026-48110 | 2026-06-12 02:16 | 2026-06-11 |
| 496 | 7.5 | HIGH Network | - | - | Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal tran… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-46702 | 2026-06-12 02:16 | 2026-06-11 |
| 497 | - | | - | - | Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘… | New | CWE-78 OS Command | CVE-2026-46643 | 2026-06-12 02:16 | 2026-06-11 |
| 498 | 7.5 | HIGH Network | - | - | JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the sour… | New | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-46625 | 2026-06-12 02:16 | 2026-06-11 |
| 499 | 7.5 | HIGH Network | - | - | libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mo… | New | CWE-20 Improper Input Validation; CWE-400 Uncontrolled Resource Consumption | CVE-2026-45783 | 2026-06-12 02:16 | 2026-06-11 |
| 500 | - | | - | - | tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untru… | New | CWE-22 Path Traversal | CVE-2026-44705 | 2026-06-12 02:16 | 2026-06-12 |