|
521
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cov…
|
CWE-78
CWE-269
CWE-862
OS Command
Improper Privilege Management
Missing Authorization
|
CVE-2026-46716
|
2026-06-16 06:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
522
|
8.1 |
HIGH
Network
|
-
|
-
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-46622
|
2026-06-16 06:17 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
523
|
7.6 |
HIGH
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget import flow.…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45012
|
2026-06-16 06:17 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
524
|
7.8 |
HIGH
Local
|
-
|
-
|
A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create event execution, any local user can c…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-54228
|
2026-06-16 06:09 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
525
|
7.0 |
HIGH
Local
|
-
|
-
|
A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DD_OPEN_READONLY and calls dd_chown to change ownership of all files …
|
CWE-362
Race Condition
|
CVE-2026-54229
|
2026-06-16 06:09 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
526
|
7.0 |
HIGH
Local
|
-
|
-
|
A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the O_NOFOLLOW flag. If the t…
|
CWE-59
Link Following
|
CVE-2026-54230
|
2026-06-16 06:09 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
527
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and w…
|
CWE-74
Injection
|
CVE-2026-54231
|
2026-06-16 06:09 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
528
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects …
|
CWE-617
Reachable Assertion
|
CVE-2026-52718
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
529
|
7.1 |
HIGH
Network
|
-
|
-
|
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against avai…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-52719
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
530
|
8.8 |
HIGH
Network
|
-
|
-
|
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VN…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-52720
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
