|
3631
|
8.8 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
|
CWE-22
Path Traversal
|
CVE-2026-45454
|
2026-06-11 05:31 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3632
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45462
|
2026-06-11 05:30 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3633
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45464
|
2026-06-11 05:29 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3634
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45465
|
2026-06-11 05:26 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3635
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malic…
|
CWE-78
OS Command
|
CVE-2026-6893
|
2026-06-11 05:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3636
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those …
|
CWE-79
Cross-site Scripting
|
CVE-2026-45106
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3637
|
- |
|
-
|
-
|
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet opt…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46683
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3638
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, o…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-50127
|
2026-06-11 05:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3639
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-10740
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3640
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by ne…
|
CWE-93
CRLF Injection
|
CVE-2026-50639
|
2026-06-11 05:19 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
