|
951
|
7.5 |
HIGH
Network
|
qnap
|
qumagie
|
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We hav…
|
CWE-359
CWE-862
Exposure of Private Personal Information to an Unauthorized Actor
Missing Authorization
|
CVE-2026-26237
|
2026-06-13 04:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
5.5 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds…
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-20259
|
2026-06-13 04:50 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)
|
CWE-362
Race Condition
|
CVE-2026-1220
|
2026-06-13 04:47 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
7.5 |
HIGH
Network
|
tdengine
|
tdengine
|
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process b…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-42542
|
2026-06-13 04:40 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
7.5 |
HIGH
Network
|
openvm
|
openvm
|
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theor…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-46669
|
2026-06-13 04:38 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
4.6 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper o…
|
CWE-79
Cross-site Scripting
|
CVE-2026-46609
|
2026-06-13 04:34 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
6.1 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor t…
|
CWE-601
Open Redirect
|
CVE-2026-46616
|
2026-06-13 04:34 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
8.8 |
HIGH
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template inj…
|
CWE-94
Code Injection
|
CVE-2026-50223
|
2026-06-13 04:30 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
7.8 |
HIGH
Local
|
microsoft
|
pc_manager
|
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
|
CWE-284
Improper Access Control
|
CVE-2026-49161
|
2026-06-13 04:30 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
9.8 |
CRITICAL
Network
|
vmware
|
spring_for_graphql
|
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Exec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41699
|
2026-06-13 04:28 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
