|
1621
|
- |
|
-
|
-
|
Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-13350
|
2026-06-26 05:11 |
2026-06-26 |
|
|
|
|
1622
|
8.1 |
HIGH
Network
|
-
|
-
|
An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-39253
|
2026-06-26 04:58 |
2026-06-24 |
|
|
|
|
1623
|
- |
|
-
|
-
|
FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-64105
|
2026-06-26 04:58 |
2026-06-24 |
|
|
|
|
1624
|
- |
|
-
|
-
|
Server-Side Request Forgery (SSRF) (CWE-918) in the PDF generation endpoint GET /api/reports/{id}/pdf (backend/main.py) in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-13150
|
2026-06-26 04:58 |
2026-06-24 |
|
|
|
|
1625
|
- |
|
-
|
-
|
Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/<token>/) in Mailerup <1.0.0 on all platforms allows remote unauthenticated attackers to redire…
|
CWE-601
Open Redirect
|
CVE-2026-13163
|
2026-06-26 04:58 |
2026-06-24 |
|
|
|
|
1626
|
- |
|
-
|
-
|
Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-13164
|
2026-06-26 04:58 |
2026-06-25 |
|
|
|
|
1627
|
7.7 |
HIGH
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-33235
|
2026-06-26 04:58 |
2026-06-25 |
|
|
|
|
1628
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. D…
|
CWE-288, CWE-306
Authentication Bypass Using an Alternate Path or Channel; Missing Authentication for Critical Function
|
CVE-2026-33543
|
2026-06-26 04:58 |
2026-06-25 |
|
|
|
|
1629
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the serv…
|
CWE-22
Path Traversal
|
CVE-2026-55439
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|
|
1630
|
7.8 |
HIGH
Local
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly fr…
|
CWE-78
OS Command
|
CVE-2026-46606
|
2026-06-26 04:58 |
2026-06-26 |
|
|
|