|
761
|
5.7 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-20255
|
2026-06-16 00:04 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
762
|
5.3 |
MEDIUM
Network
|
guzzlephp
|
psr-7
|
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a serv…
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-48998
|
2026-06-15 23:52 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
763
|
5.3 |
MEDIUM
Network
|
guzzlephp
|
psr-7
|
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulne…
|
CWE-20
CWE-93
CWE-113
Improper Input Validation
CRLF Injection
HTTP Response Splitting
|
CVE-2026-49214
|
2026-06-15 23:41 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
764
|
5.7 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that…
|
CWE-20
Improper Input Validation
|
CVE-2026-20256
|
2026-06-15 23:33 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
765
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system ter…
|
CWE-284
Improper Access Control
|
CVE-2025-24165
|
2026-06-15 23:26 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
766
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2025-43278
|
2026-06-15 23:25 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
767
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-46313
|
2026-06-15 23:24 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
768
|
5.4 |
MEDIUM
Network
|
microsoft
|
exchange_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-47631
|
2026-06-15 23:19 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
769
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve…
|
CWE-200
Information Exposure
|
CVE-2026-8385
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
770
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-5242
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
