|
141
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Update
|
-
|
CVE-2026-9642
|
2026-06-4 01:16 |
2026-05-27 |
|
142
|
- |
|
-
|
-
|
An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item.
This issue affects glpi: before 11.0.7.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5385
|
2026-06-4 01:16 |
2026-06-3 |
|
143
|
8.0 |
HIGH
Network
|
-
|
-
|
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5241
|
2026-06-4 01:16 |
2026-06-3 |
|
144
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files.…
New
|
CWE-22
Path Traversal
|
CVE-2026-49144
|
2026-06-4 01:16 |
2026-06-3 |
|
145
|
- |
|
-
|
-
|
Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values.
Tesla.Multipart.part_headers_fo…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-48598
|
2026-06-4 01:16 |
2026-06-3 |
|
146
|
- |
|
-
|
-
|
Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint.
Tesla.Adapter.Mint.open_conn/2 conv…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48597
|
2026-06-4 01:16 |
2026-06-3 |
|
147
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies.
When Tesla.Middleware.…
New
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-48594
|
2026-06-4 01:16 |
2026-06-3 |
|
148
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset…
New
|
CWE-862
Missing Authorization
|
CVE-2026-44281
|
2026-06-4 01:16 |
2026-06-4 |
|
149
|
7.5 |
HIGH
Network
|
-
|
-
|
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU.
New
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-42504
|
2026-06-4 01:16 |
2026-06-3 |
|
150
|
- |
|
-
|
-
|
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or …
New
|
CWE-79 CWE-116
Cross-site Scripting Improper Encoding or Escaping of Output
|
CVE-2026-42321
|
2026-06-4 01:16 |
2026-06-4 |