|
901
|
7.5 |
HIGH
Network
|
-
|
-
|
ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installat…
New
|
CWE-22
Path Traversal
|
CVE-2026-9776
|
2026-06-25 23:23 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
7.2 |
HIGH
Network
|
-
|
-
|
ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentic…
New
|
CWE-22
Path Traversal
|
CVE-2026-9777
|
2026-06-25 23:23 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
7.2 |
HIGH
Network
|
-
|
-
|
ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Au…
New
|
CWE-22
Path Traversal
|
CVE-2026-9778
|
2026-06-25 23:23 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
904
|
7.2 |
HIGH
Network
|
-
|
-
|
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affect…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-9779
|
2026-06-25 23:23 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
6.3 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied url_idx…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-54021
|
2026-06-25 23:23 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
- |
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's permissive security …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-54759
|
2026-06-25 23:22 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
7.5 |
HIGH
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route but the identical r…
New
|
CWE-22
CWE-23
CWE-1188
Path Traversal
Relative Path Traversal
Insecure Default Initialization of Resource
|
CVE-2026-54066
|
2026-06-25 23:22 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
908
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authentica…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-12163
|
2026-06-25 23:22 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command whil…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-12164
|
2026-06-25 23:22 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
6.1 |
MEDIUM
Network
|
-
|
-
|
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-46547
|
2026-06-25 23:21 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
