|
431
|
- |
|
-
|
-
|
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac…
New
|
CWE-328
Use of Weak Hash
|
CVE-2026-48488
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
5.5 |
MEDIUM
Local
|
-
|
-
|
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode …
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-45581
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
8.3 |
HIGH
Network
|
-
|
-
|
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST …
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-46481
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
- |
|
-
|
-
|
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerabili…
New
|
CWE-22
Path Traversal
|
CVE-2026-46486
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
8.1 |
HIGH
Network
|
-
|
-
|
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by…
New
|
CWE-22
CWE-285
Path Traversal
Improper Authorization
|
CVE-2026-46484
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
- |
|
-
|
-
|
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue h…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-44541
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
5.6 |
MEDIUM
Network
|
-
|
-
|
Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…
New
|
CWE-299
Improper Check for Certificate Revocation
|
CVE-2026-6899
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
- |
|
-
|
-
|
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously …
New
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-49232
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
- |
|
-
|
-
|
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority.
In gun_http2:push_promise_frame/7, the :…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-43972
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5,…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-43973
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
