|
3471
|
- |
|
-
|
-
|
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details fro…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8406
|
2026-06-12 01:16 |
2026-06-11 |
|
3472
|
8.6 |
HIGH
Network
|
-
|
-
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati…
|
CWE-918 CWE-1286 CWE-1389
Server-Side Request Forgery (SSRF); Improper Validation of Syntactic Correctness of Input
|
CVE-2026-50131
|
2026-06-12 01:16 |
2026-06-11 |
|
3473
|
3.7 |
LOW
Network
|
-
|
-
|
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.1…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-48011
|
2026-06-12 01:16 |
2026-06-11 |
|
3474
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST me…
|
CWE-287
Improper Authentication
|
CVE-2026-46705
|
2026-06-12 01:16 |
2026-06-11 |
|
3475
|
7.5 |
HIGH
Network
|
-
|
-
|
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j…
|
CWE-20 CWE-400 CWE-401
Improper Input Validation; Uncontrolled Resource Consumption; Missing Release of Memory after Effective Lifetime
|
CVE-2026-46679
|
2026-06-12 01:16 |
2026-06-11 |
|
3476
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-46673
|
2026-06-12 01:16 |
2026-06-11 |
|
3477
|
3.6 |
LOW
Local
|
-
|
-
|
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…
|
CWE-22 CWE-193
Path Traversal; Off-by-one Error
|
CVE-2026-45380
|
2026-06-12 01:16 |
2026-06-11 |
|
3478
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) …
|
CWE-89
SQL Injection
|
CVE-2026-38581
|
2026-06-12 01:16 |
2026-06-11 |
|
3479
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server.
This issue affects Rotaban: from V2026.06.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11839
|
2026-06-12 01:16 |
2026-06-12 |
|
3480
|
9.6 |
CRITICAL
Adjacent
|
microsoft
|
windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2022 windows_server_2025
|
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42904
|
2026-06-12 01:15 |
2026-06-10 |