|
2001
|
- |
|
-
|
-
|
SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-40545
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2002
|
- |
|
-
|
-
|
SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.…
|
CWE-89
SQL Injection
|
CVE-2026-40546
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2003
|
- |
|
-
|
-
|
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files p…
|
CWE-22
Path Traversal
|
CVE-2026-40547
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2004
|
- |
|
-
|
-
|
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-40548
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2005
|
- |
|
-
|
-
|
SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user…
|
CWE-352
Origin Validation Error
|
CVE-2026-40549
|
2026-06-2 01:37 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2006
|
- |
|
-
|
-
|
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malic…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42251
|
2026-06-2 01:37 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2007
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-10015
|
2026-06-2 00:26 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2008
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (C…
|
CWE-416
Use After Free
|
CVE-2026-10003
|
2026-06-2 00:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2009
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-10007
|
2026-06-2 00:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2010
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was discovered on Stormshield Network Security
* 4.3.0 to 4.3.41,
* 4.8.0 to 4.8.15,
* 5.0.0 to 5.0.5
It is possible to execute a reflected XSS attack on the …
|
CWE-79
Cross-site Scripting
|
CVE-2026-8474
|
2026-06-2 00:17 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
