|
1
|
9.6 |
CRITICAL
Network
|
huggingface
|
transformers
|
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5241
|
2026-06-5 03:54 |
2026-06-3 |
|
2
|
6.5 |
MEDIUM
Network
|
koha
|
koha
|
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-26379
|
2026-06-5 03:54 |
2026-06-4 |
|
3
|
7.8 |
HIGH
Local
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
New
|
CWE-416
Use After Free
|
CVE-2026-40290
|
2026-06-5 03:51 |
2026-06-4 |
|
4
|
8.1 |
HIGH
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42211
|
2026-06-5 03:50 |
2026-06-3 |
|
5
|
5.4 |
MEDIUM
Network
|
koha
|
koha
|
A cross-site scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the file upload function in Invoice features.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-26378
|
2026-06-5 03:49 |
2026-06-4 |
|
6
|
6.1 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p…
New
|
CWE-601
Open Redirect
|
CVE-2026-40181
|
2026-06-5 03:46 |
2026-06-3 |
|
7
|
7.5 |
HIGH
Network
|
shopify turbo-stream
|
react-router turbo_stream
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-34077
|
2026-06-5 03:45 |
2026-06-3 |
|
8
|
4.7 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-33245
|
2026-06-5 03:43 |
2026-06-3 |
|
9
|
7.3 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-8876
|
2026-06-5 03:42 |
2026-06-4 |
|
10
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…
New
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-8878
|
2026-06-5 03:42 |
2026-06-4 |