|
191
|
5.3 |
MEDIUM
Network
|
-
|
-
|
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a serv…
New
|
CWE-20 CWE-918
Improper Input Validation Server-Side Request Forgery (SSRF)
|
CVE-2026-48998
|
2026-06-12 00:25 |
2026-06-11 |
|
192
|
5.3 |
MEDIUM
Network
|
-
|
-
|
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulne…
New
|
CWE-20 CWE-93 CWE-113
Improper Input Validation CRLF Injection HTTP Response Splitting
|
CVE-2026-49214
|
2026-06-12 00:25 |
2026-06-11 |
|
193
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_I…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-48107
|
2026-06-12 00:24 |
2026-06-11 |
|
194
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-48108
|
2026-06-12 00:24 |
2026-06-11 |
|
195
|
- |
|
-
|
-
|
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-53901
|
2026-06-12 00:24 |
2026-06-11 |
|
196
|
- |
|
-
|
-
|
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53911
|
2026-06-12 00:24 |
2026-06-11 |
|
197
|
- |
|
-
|
-
|
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. Th…
New
|
CWE-200
Information Exposure
|
CVE-2026-53912
|
2026-06-12 00:24 |
2026-06-11 |
|
198
|
8.7 |
HIGH
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10087
|
2026-06-12 00:22 |
2026-06-11 |
|
199
|
4.3 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause den…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-10733
|
2026-06-12 00:22 |
2026-06-11 |
|
200
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-1500
|
2026-06-12 00:22 |
2026-06-11 |
|