|
931
|
8.8 |
HIGH
Network
|
-
|
-
|
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-7870
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7787
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
8.6 |
HIGH
Network
|
-
|
-
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati…
|
CWE-918
CWE-1286
CWE-1389
Server-Side Request Forgery (SSRF)
Improper Validation of Syntactic Correctness of Input
|
CVE-2026-50131
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against…
|
CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
|
CVE-2026-4096
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
3.7 |
LOW
Network
|
-
|
-
|
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.1…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-48011
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST me…
|
CWE-287
Improper Authentication
|
CVE-2026-46705
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
7.5 |
HIGH
Network
|
-
|
-
|
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j…
|
CWE-20
CWE-400
CWE-401
Improper Input Validation
Uncontrolled Resource Consumption
Missing Release of Memory after Effective Lifetime
|
CVE-2026-46679
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-46673
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
3.6 |
LOW
Local
|
-
|
-
|
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…
|
CWE-22
CWE-193
Path Traversal
Off-by-one Error
|
CVE-2026-45380
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3341
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
