| 1581 | 6.5 | MEDIUM / Network | - | - | motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and … | CWE-22 (Path Traversal), CWE-284 (Improper Access Control) | CVE-2026-31978 | 2026-06-26 08:17 | 2026-06-25 |
| 1582 | 5.4 | MEDIUM / Network | - | - | Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authentica… | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-56774 | 2026-06-26 07:17 | 2026-06-26 |
| 1583 | 8.8 | HIGH / Network | - | - | Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth … | CWE-862 (Missing Authorization) | CVE-2026-56767 | 2026-06-26 06:16 | 2026-06-26 |
| 1584 | - | | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook (ipynb) sanitizer endpoint at POST /-/api/sanitize_ipynb allows arbitrary data: URIs without proper restrictions,… | CWE-80 (Basic XSS) | CVE-2026-52816 | 2026-06-26 06:16 | 2026-06-25 |
| 1585 | 3.5 | LOW / Network | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, … | CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine) | CVE-2026-52796 | 2026-06-26 06:16 | 2026-06-25 |
| 1586 | 4.9 | MEDIUM / Network | - | - | Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the … | CWE-20 (Improper Input Validation) | CVE-2025-64719 | 2026-06-26 06:16 | 2026-06-25 |
| 1587 | 5.5 | MEDIUM / Local | - | - | Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit | CWE-88 (Argument Injection) | CVE-2026-11968 | 2026-06-26 05:21 | 2026-06-24 |
| 1588 | 8.0 | HIGH / Network | - | - | py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an arbitrary file write vulnerability, w… | CWE-59 (Link Following) | CVE-2026-23879 | 2026-06-26 05:21 | 2026-06-25 |
| 1589 | 7.2 | HIGH / Network | - | - | 3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by … | CWE-73 (External Control of File Name or Path) | CVE-2026-55477 | 2026-06-26 05:21 | 2026-06-26 |
| 1590 | 3.5 | LOW / Network | - | - | HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario. | CWE-284 (Improper Access Control), CWE-319 (Cleartext Transmission of Sensitive Information) | CVE-2025-15619 | 2026-06-26 05:20 | 2026-06-24 |