|
411
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data.
This issue affects Hash Elements: from n…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-24618
|
2026-06-13 06:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
412
|
3.5 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The m…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-12130
|
2026-06-13 06:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
413
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interf…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-12129
|
2026-06-13 06:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
414
|
5.5 |
MEDIUM
Local
|
mongodb
|
mongodb
|
The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9751
|
2026-06-13 05:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
415
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40988
|
2026-06-13 05:38 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
416
|
5.4 |
MEDIUM
Network
|
vmware
|
spring_security
|
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.
Affected versions:
Spring Security 5.7.0 throug…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41003
|
2026-06-13 05:30 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
417
|
5.3 |
MEDIUM
Network
|
vmware
|
spring_security
|
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41694
|
2026-06-13 05:28 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
418
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
QuTS hero is not affected.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
|
NVD-CWE-noinfo
|
CVE-2025-66276
|
2026-06-13 05:25 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
419
|
6.5 |
MEDIUM
Network
|
qnap
|
qts
quts_hero
|
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read…
|
CWE-22
Path Traversal
|
CVE-2026-24717
|
2026-06-13 05:21 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
420
|
- |
|
-
|
-
|
MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54361
|
2026-06-13 05:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
