|
901
|
8.1 |
HIGH
Network
|
-
|
-
|
Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized …
|
CWE-22
Path Traversal
|
CVE-2026-53777
|
2026-06-12 02:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and by…
|
CWE-20
Improper Input Validation
|
CVE-2026-48110
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal tran…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-46702
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
- |
|
-
|
-
|
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘…
|
CWE-78
OS Command
|
CVE-2026-46643
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
7.5 |
HIGH
Network
|
-
|
-
|
JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the sour…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-46625
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
7.5 |
HIGH
Network
|
-
|
-
|
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mo…
|
CWE-20
CWE-400
Improper Input Validation
Uncontrolled Resource Consumption
|
CVE-2026-45783
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
8.8 |
HIGH
Network
|
-
|
-
|
Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session manageme…
|
CWE-362
Race Condition
|
CVE-2026-44693
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
6.4 |
MEDIUM
Network
|
-
|
-
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuse…
|
CWE-89
SQL Injection
|
CVE-2026-11945
|
2026-06-12 02:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
8.1 |
HIGH
Network
|
-
|
-
|
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `fil…
|
CWE-22
Path Traversal
|
CVE-2026-11816
|
2026-06-12 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
7.8 |
HIGH
Local
|
adobe
|
indesign
|
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48293
|
2026-06-12 02:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
