|
171
|
8.2 |
HIGH
Network
|
raszi
|
tmp
|
tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untru…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44705
|
2026-06-15 21:52 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
- |
|
-
|
-
|
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.
This project i…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-5482
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
- |
|
-
|
-
|
Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in.
AshAuthentication's OAuth2 and OIDC family strategie…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-49757
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple applicati…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-34030
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the …
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-34029
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly ac…
New
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2026-34028
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application val…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-34027
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
- |
|
-
|
-
|
Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-34026
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP addr…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-34025
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
- |
|
-
|
-
|
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges c…
New
|
CWE-862
Missing Authorization
|
CVE-2026-34024
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
