| 2821 | 6.3 | MEDIUM, Network | - | - | Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-50552 | 2026-06-16 01:16 | 2026-06-13 |
| 2822 | 7.3 | HIGH, Network | - | - | ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can co… | CWE-79 CWE-116 (Cross-site Scripting; Improper Encoding or Escaping of Output) | CVE-2026-45011 | 2026-06-16 01:16 | 2026-06-13 |
| 2823 | 5.3 | MEDIUM, Local | - | - | A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in h… | CWE-285 CWE-939 (Improper Authorization; Improper Authorization in Handler for Custom URL Scheme) | CVE-2026-12189 | 2026-06-16 01:16 | 2026-06-15 |
| 2824 | 4.8 | MEDIUM, Adjacent | - | - | Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAFE macro, which caches a pointer to the next list nod… | CWE-416 (Use After Free) | CVE-2026-10634 | 2026-06-16 01:16 | 2026-06-16 |
| 2825 | 6.5 | MEDIUM, Network | - | - | Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions. | CWE-79 (Cross-site Scripting) | CVE-2025-15659 | 2026-06-16 01:16 | 2026-06-16 |
| 2826 | 5.9 | MEDIUM, Network | - | - | Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions. | CWE-79 (Cross-site Scripting) | CVE-2025-15658 | 2026-06-16 01:16 | 2026-06-16 |
| 2827 | 5.3 | MEDIUM, Network | axios | axios | Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Obj… | CWE-113 CWE-1321 (HTTP Response Splitting; Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')) | CVE-2026-44489 | 2026-06-16 01:13 | 2026-06-12 |
| 2828 | 7.5 | HIGH, Network | vllm | vllm | vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processi… | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-5497 | 2026-06-16 01:11 | 2026-06-11 |
| 2829 | 10.0 | CRITICAL, Network | adobe | coldfusion | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati… | CWE-20 NVD-CWE-noinfo (Improper Input Validation) | CVE-2026-47928 | 2026-06-16 00:20 | 2026-06-10 |
| 2830 | 9.1 | CRITICAL, Network | adobe | coldfusion | ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privi… | CWE-863 (Incorrect Authorization) | CVE-2026-47929 | 2026-06-16 00:18 | 2026-06-10 |