| 2381 | 7.5 | HIGH, Network | - | - | The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on the file download handler, allowing unauthenticated attackers to download files uploaded by… | - | CVE-2026-8379 | 2026-06-23 23:52 | 2026-06-23 |
| 2382 | 8.1 | HIGH, Network | - | - | picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass pickles… | CWE-502 Deserialization of Untrusted Data | CVE-2025-71370 | 2026-06-23 23:52 | 2026-06-23 |
| 2383 | 8.3 | HIGH, Network | - | - | Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers (get/put/delete/post). API keys created with mode=all but restricted to a single app via… | CWE-269 Improper Privilege Management | CVE-2026-56225 | 2026-06-23 23:52 | 2026-06-23 |
| 2384 | 7.5 | HIGH, Network | - | - | Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Sup… | CWE-400 Uncontrolled Resource Consumption | CVE-2026-56248 | 2026-06-23 23:52 | 2026-06-23 |
| 2385 | 9.8 | CRITICAL, Network | - | - | picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide di… | CWE-184 Incomplete Blacklist | CVE-2026-56315 | 2026-06-23 23:52 | 2026-06-23 |
| 2386 | 7.2 | HIGH, Network | - | - | A high-privileged remote attacker can access a hidden configuration method, which should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confi… | CWE-425 Direct Request ('Forced Browsing') | CVE-2026-10521 | 2026-06-23 23:33 | 2026-06-23 |
| 2387 | 8.8 | HIGH, Adjacent | - | - | Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs. T… | CWE-306 Missing Authentication for Critical Function | CVE-2026-10711 | 2026-06-23 23:33 | 2026-06-23 |
| 2388 | 6.1 | MEDIUM, Network | - | - | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. Th… | CWE-79 Cross-site Scripting | CVE-2026-10857 | 2026-06-23 23:33 | 2026-06-23 |
| 2389 | - | | - | - | Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute… | CWE-121 Stack-based Buffer Overflow | CVE-2026-44089 | 2026-06-23 23:33 | 2026-06-23 |
| 2390 | 6.5 | MEDIUM, Network | - | - | Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can … | CWE-22 Path Traversal | CVE-2026-56394 | 2026-06-23 23:17 | 2026-06-21 |