|
1
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename …
New
|
CWE-78
OS Command
|
CVE-2026-49492
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A…
New
|
CWE-94
Code Injection
|
CVE-2026-49493
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
8.8 |
HIGH
Network
|
-
|
-
|
Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - th…
New
|
CWE-95
Eval Injection
|
CVE-2026-50733
|
2026-06-6 03:59 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
4.3 |
MEDIUM
Network
|
strawberry
|
strawberry_graphql
|
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser U…
New
|
CWE-200
CWE-201
Information Exposure
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-45739
|
2026-06-6 03:43 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
4.3 |
MEDIUM
Network
|
synology
|
hyper_backup
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated use…
New
|
CWE-22
Path Traversal
|
CVE-2024-47273
|
2026-06-6 03:32 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
4.1 |
MEDIUM
Network
|
synology
|
hyper_backup
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenti…
New
|
CWE-22
Path Traversal
|
CVE-2024-47263
|
2026-06-6 03:31 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
5.9 |
MEDIUM
Network
|
synology
|
note_station_client
|
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential.
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2023-52951
|
2026-06-6 03:20 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
7.8 |
HIGH
Local
|
synology
|
hyper_backup_explorer
|
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2022-49042
|
2026-06-6 03:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-6209
|
2026-06-6 03:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-6208
|
2026-06-6 03:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
