|
1781
|
- |
|
-
|
-
|
Malicious HTML content could be injected into the email address of an
order, which pretix showed without sanitization on the confirmation page
for individual tickets in that order.
|
CWE-80
Basic XSS
|
CVE-2026-13225
|
2026-06-26 01:16 |
2026-06-26 |
|
|
|
|
1782
|
- |
|
-
|
-
|
Our payment integration with Computop-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and suppl…
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-13223
|
2026-06-26 01:16 |
2026-06-26 |
|
|
|
|
1783
|
- |
|
-
|
-
|
Our payment integration with Oppwa-based payment methods did not
properly validate payment status responses. An attacker could use a
successful payment status response from one payment and supply i…
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-13222
|
2026-06-26 01:16 |
2026-06-26 |
|
|
|
|
1784
|
2.5 |
LOW
Local
|
-
|
-
|
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL s…
|
CWE-79
Cross-site Scripting
|
CVE-2026-54326
|
2026-06-26 01:14 |
2026-06-24 |
|
|
|
|
1785
|
7.3 |
HIGH
Local
|
-
|
-
|
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directo…
|
CWE-379
Creation of Temporary File in Directory with Incorrect Permissions
|
CVE-2026-54328
|
2026-06-26 01:14 |
2026-06-24 |
|
|
|
|
1786
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. Th…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-54325
|
2026-06-26 01:14 |
2026-06-24 |
|
|
|
|
1787
|
6.2 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, whic…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-9073
|
2026-06-26 01:14 |
2026-06-24 |
|
|
|
|
1788
|
- |
|
-
|
-
|
Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless upda…
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-5818
|
2026-06-26 01:14 |
2026-06-24 |
|
|
|
|
1789
|
- |
|
-
|
-
|
Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardwar…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-6458
|
2026-06-26 01:14 |
2026-06-24 |
|
|
|
|
1790
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal serv…
|
CWE-184, CWE-918
Incomplete Blacklist; Server-Side Request Forgery (SSRF)
|
CVE-2026-53944
|
2026-06-26 01:07 |
2026-06-25 |
|
|
|