| 771 | 7.5 | HIGH | Network | envoyproxy | envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete a… | Update | CWE-444 HTTP Request Smuggling | CVE-2026-48743 | 2026-06-30 03:27 | 2026-06-27 |
| 772 | 5.9 | MEDIUM | Network | envoyproxy | envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentat… | New | CWE-416 Use After Free | CVE-2026-47205 | 2026-06-30 03:21 | 2026-06-27 |
| 773 | 5.9 | MEDIUM | Network | - | - | Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem… | New | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-57959 | 2026-06-30 03:16 | 2026-06-30 |
| 774 | 6.1 | MEDIUM | Network | - | - | Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malici… | New | CWE-79 Cross-site Scripting | CVE-2026-57958 | 2026-06-30 03:16 | 2026-06-30 |
| 775 | 4.7 | MEDIUM | Network | - | - | Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by e… | New | CWE-942 Permissive Cross-domain Policy with Untrusted Domains | CVE-2026-57957 | 2026-06-30 03:16 | 2026-06-30 |
| 776 | 6.4 | MEDIUM | Network | - | - | SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule sto… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-57956 | 2026-06-30 03:16 | 2026-06-30 |
| 777 | 8.5 | HIGH | Network | - | - | SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path paramet… | New | CWE-89 SQL Injection | CVE-2026-57955 | 2026-06-30 03:16 | 2026-06-30 |
| 778 | 8.1 | HIGH | Network | - | - | ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70, contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorize… | New | CWE-863 Incorrect Authorization | CVE-2026-57950 | 2026-06-30 03:16 | 2026-06-30 |
| 779 | 6.5 | MEDIUM | Network | - | - | ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated u… | New | CWE-862 Missing Authorization | CVE-2026-57949 | 2026-06-30 03:16 | 2026-06-30 |
| 780 | 8.5 | HIGH | Network | - | - | Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to register internal URLs due to missing SSRF protecti… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-57947 | 2026-06-30 03:16 | 2026-06-30 |