| 1901 | 10.0 | CRITICAL, Network | - | - | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN <addr> <addr> <port> <port>\r\n` PP1 frame … | CWE-348 (Use of Less Trusted Source), CWE-863 (Incorrect Authorization) | CVE-2026-48772 | 2026-06-24 00:57 | 2026-06-20 |
| 1902 | 7.5 | HIGH, Network | - | - | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL … | CWE-20 (Improper Input Validation) | CVE-2026-48774 | 2026-06-24 00:57 | 2026-06-20 |
| 1903 | 9.8 | CRITICAL, Network | - | - | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol f… | CWE-787 (Out-of-bounds Write) | CVE-2026-48773 | 2026-06-24 00:55 | 2026-06-20 |
| 1904 | - | | - | - | @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `Redir… | CWE-178 (Improper Handling of Case Sensitivity), CWE-200 (Information Exposure) | CVE-2026-49336 | 2026-06-24 00:44 | 2026-06-20 |
| 1905 | 7.1 | HIGH, Network | - | - | gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit `6dd71e6a3c966867ef8c900d359a7df75789f410` added an ownership check based on `pla… | CWE-22 (Path Traversal), CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-49339 | 2026-06-24 00:44 | 2026-06-20 |
| 1906 | 6.5 | MEDIUM, Network | - | - | Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task `inputFiles` writes rendered file names directly under the task workin… | CWE-22 (Path Traversal) | CVE-2026-48129 | 2026-06-24 00:44 | 2026-06-20 |
| 1907 | 4.3 | MEDIUM, Network | - | - | libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`… | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2026-49337 | 2026-06-24 00:44 | 2026-06-20 |
| 1908 | - | | - | - | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path… | CWE-73 (External Control of File Name or Path), CWE-522 (Insufficiently Protected Credentials) | CVE-2026-53632 | 2026-06-24 00:44 | 2026-06-23 |
| 1909 | 5.3 | MEDIUM, Network | - | - | @astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2026-54300 | 2026-06-24 00:44 | 2026-06-23 |
| 1910 | - | | - | - | Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 (and Plug.Conn.Query.decode_each/2… | CWE-407 (Inefficient Algorithmic Complexity) | CVE-2026-54892 | 2026-06-24 00:44 | 2026-06-23 |