|
311
|
7.7 |
HIGH
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role=…
|
CWE-863, CWE-918
Incorrect Authorization; Server-Side Request Forgery (SSRF)
|
CVE-2026-46717
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
312
|
8.1 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using `req.hostname`, which is derived …
|
CWE-20, CWE-640
Improper Input Validation; Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-45013
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
313
|
6.5 |
MEDIUM
Local
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create co…
|
CWE-78
OS Command Injection
|
CVE-2026-42853
|
2026-06-13 13:17 |
2026-06-13 |
|
|
|
|
314
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and including, 6.0.4. The plugin hooks WordPress's `posts_request` f…
|
CWE-89
SQL Injection
|
CVE-2026-9848
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
315
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and w…
|
CWE-74
Injection
|
CVE-2026-54231
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
316
|
7.0 |
HIGH
Local
|
-
|
-
|
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the t…
|
CWE-59
Link Following
|
CVE-2026-54230
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
317
|
7.0 |
HIGH
Local
|
-
|
-
|
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files …
|
CWE-362
Race Condition
|
CVE-2026-54229
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
318
|
7.8 |
HIGH
Local
|
-
|
-
|
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can c…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-54228
|
2026-06-13 12:16 |
2026-06-13 |
|
|
|
|
319
|
- |
|
-
|
-
|
Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban an…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47188
|
2026-06-13 12:16 |
2026-06-12 |
|
|
|
|
320
|
- |
|
-
|
-
|
Quest Bot is an open-source modern Discord bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies w…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47175
|
2026-06-13 12:16 |
2026-06-12 |
|
|
|