| 1591 | 2.5 | LOW Local | cacti | cacti | Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric value… | CWE-474 Use of Function with Inconsistent Implementations | CVE-2026-39894 | 2026-06-26 05:19 | 2026-06-25 |
| 1592 | 7.6 | HIGH Network | - | - | Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-55583 | 2026-06-26 05:18 | 2026-06-25 |
| 1593 | 9.6 | CRITICAL Network | - | - | immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows a… | CWE-79 Cross-site Scripting, CWE-601 Open Redirect | CVE-2026-53662 | 2026-06-26 05:18 | 2026-06-24 |
| 1594 | 9.0 | CRITICAL Network | - | - | LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-54157 | 2026-06-26 05:18 | 2026-06-24 |
| 1595 | - | | - | - | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap … | CWE-120 Classic Buffer Overflow | CVE-2026-54257 | 2026-06-26 05:18 | 2026-06-24 |
| 1596 | 7.8 | HIGH Local | - | - | rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treat… | CWE-863 Incorrect Authorization | CVE-2026-54555 | 2026-06-26 05:18 | 2026-06-24 |
| 1597 | 9.6 | CRITICAL Network | - | - | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for buildin… | CWE-20 Improper Input Validation, CWE-601 Open Redirect | CVE-2026-54588 | 2026-06-26 05:18 | 2026-06-24 |
| 1598 | 6.9 | MEDIUM Network | - | - | Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-cont… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2026-47693 | 2026-06-26 05:18 | 2026-06-24 |
| 1599 | 8.8 | HIGH Local | - | - | Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-54639 | 2026-06-26 05:18 | 2026-06-24 |
| 1600 | - | | - | - | OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT dat… | CWE-120 Classic Buffer Overflow | CVE-2026-42450 | 2026-06-26 05:18 | 2026-06-24 |