|
3011
|
- |
|
-
|
-
|
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post…
|
CWE-862
Missing Authorization
|
CVE-2026-10715
|
2026-06-16 05:55 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3012
|
- |
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45014
|
2026-06-16 05:54 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3013
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use `allowedSchemesAp…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53606
|
2026-06-16 05:54 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3014
|
3.7 |
LOW
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO feature for se…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-53607
|
2026-06-16 05:54 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3015
|
9.1 |
CRITICAL
Network
|
-
|
-
|
ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an a…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-53609
|
2026-06-16 05:54 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3016
|
7.8 |
HIGH
Local
|
-
|
-
|
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via loca…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-53406
|
2026-06-16 05:52 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3017
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privi…
|
CWE-939
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-53407
|
2026-06-16 05:52 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3018
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authe…
|
CWE-22
Path Traversal
|
CVE-2026-11442
|
2026-06-16 05:52 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3019
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User …
|
CWE-79
Cross-site Scripting
|
CVE-2026-11443
|
2026-06-16 05:52 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3020
|
7.6 |
HIGH
Network
|
-
|
-
|
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email ad…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-53981
|
2026-06-16 05:50 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
