|
681
|
7.5 |
HIGH
Network
|
-
|
-
|
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding.
This issue affects Advanced Access Manager: from n/a through 7.1.0.
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-42674
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
7.3 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Hydra Booking: from n/a through 1.1.41.
New
|
CWE-862
Missing Authorization
|
CVE-2026-42675
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred allows Stored XSS.
This issue affects myCred: from n/a through 3.0.4.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42676
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
7.5 |
HIGH
Network
|
-
|
-
|
Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects WP Document Revisions: from n/a be…
New
|
CWE-862
Missing Authorization
|
CVE-2026-42677
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS.
This issue affects GiveWP: from n/a through …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-42678
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mamunur Rashid Classified Listing allows Path Traversal.
This issue affects Classified Listing: from n…
New
|
CWE-22
Path Traversal
|
CVE-2026-42679
|
2026-06-2 02:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
6.5 |
MEDIUM
Network
|
rust-lang
|
cargo
|
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary na…
Update
|
CWE-647
Use of Non-Canonical URL Paths for Authorization Decisions
|
CVE-2026-5222
|
2026-06-2 02:56 |
2026-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
7.8 |
HIGH
Local
|
mediatek
|
mt6739_firmware
mt6761_firmware
mt6765_firmware
mt6768_firmware
mt6781_firmware
mt6789_firmware
mt6835_firmware
mt6853_firmware
mt6855_firmware
mt6877_firmware
mt6878_fi…
|
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20455
|
2026-06-2 02:56 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
5.5 |
MEDIUM
Local
|
mediatek
|
mt7902_firmware
mt7920_firmware
mt7921_firmware
mt7922_firmware
mt7925_firmware
mt7927_firmware
|
In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed fo…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20456
|
2026-06-2 02:54 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
9.8 |
CRITICAL
Network
|
redhat
samba
|
openshift_container_platform
samba
enterprise_linux
|
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"
substitution charac…
Update
|
CWE-78
OS Command
|
CVE-2026-4480
|
2026-06-2 02:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
