|
2741
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting (XSS) due to improper n…
|
CWE-79
Cross-site Scripting
|
CVE-2026-49294
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2742
|
7.8 |
HIGH
Local
|
-
|
-
|
A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters.
|
CWE-77
Command Injection
|
CVE-2025-56814
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2743
|
8.0 |
HIGH
Network
|
-
|
-
|
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force a…
|
CWE-926
Improper Export of Android Application Components
|
CVE-2025-68713
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2744
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70102
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2745
|
7.8 |
HIGH
Local
|
-
|
-
|
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
|
CWE-269
Improper Privilege Management
|
CVE-2026-36213
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2746
|
- |
|
-
|
-
|
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
|
-
|
CVE-2026-36521
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2747
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-36537
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2748
|
6.8 |
MEDIUM
Physics
|
-
|
-
|
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
|
CWE-284
Improper Access Control
|
CVE-2026-36933
|
2026-06-17 00:51 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2749
|
- |
|
-
|
-
|
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
|
-
|
CVE-2026-37216
|
2026-06-17 00:50 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2750
|
9.8 |
CRITICAL
Network
|
-
|
-
|
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges…
|
CWE-89
SQL Injection
|
CVE-2026-38812
|
2026-06-17 00:50 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|