| 2851 | 7.8 | HIGH, Local | microsoft | visual_studio_code | Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally. | CWE-94 (Code Injection), CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) | CVE-2026-47292 | 2026-06-15 23:16 | 2026-06-10 |
| 2852 | 6.5 | MEDIUM, Network | - | - | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through N… | CWE-284 (Improper Access Control) | CVE-2026-53520 | 2026-06-15 23:16 | 2026-06-13 |
| 2853 | 10.0 | CRITICAL, Network | - | - | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builde… | CWE-94 (Code Injection) | CVE-2026-52704 | 2026-06-15 23:16 | 2026-06-15 |
| 2854 | 8.8 | HIGH, Network | - | - | Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. | CWE-266 (Incorrect Privilege Assignment) | CVE-2026-49111 | 2026-06-15 23:16 | 2026-06-15 |
| 2855 | 7.5 | HIGH, Network | - | - | Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49. | CWE-201 (Insertion of Sensitive Information Into Sent Data) | CVE-2026-49064 | 2026-06-15 23:16 | 2026-06-15 |
| 2856 | 8.8 | HIGH, Network | - | - | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7. | CWE-288 (Authentication Bypass Using an Alternate Path or Channel) | CVE-2026-49062 | 2026-06-15 23:16 | 2026-06-15 |
| 2857 | 6.5 | MEDIUM, Network | - | - | Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. | CWE-862 (Missing Authorization) | CVE-2026-48969 | 2026-06-15 23:16 | 2026-06-15 |
| 2858 | 6.4 | MEDIUM, Network | - | - | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or updat… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-47268 | 2026-06-15 23:16 | 2026-06-13 |
| 2859 | 9.3 | CRITICAL, Network | - | - | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` pr… | CWE-79 (Cross-site Scripting) | CVE-2026-44990 | 2026-06-15 23:16 | 2026-06-13 |
| 2860 | - | | - | - | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An… | CWE-863 (Incorrect Authorization) | CVE-2026-34023 | 2026-06-15 23:16 | 2026-06-15 |