| 1541 | 8.1 | HIGH Network | - | - | OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging t… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-56784 | 2026-06-24 07:16 | 2026-06-23 |
| 1542 | - | | - | - | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784. | - | CVE-2026-56120 | 2026-06-24 07:16 | 2026-06-24 |
| 1543 | 4.9 | MEDIUM Network | - | - | The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitizati… | CWE-22 Path Traversal | CVE-2026-7547 | 2026-06-24 06:17 | 2026-06-19 |
| 1544 | 5.3 | MEDIUM Network | - | - | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel s… | CWE-125 Out-of-bounds Read | CVE-2026-56099 | 2026-06-24 06:17 | 2026-06-19 |
| 1545 | 6.5 | MEDIUM Network | - | - | PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. At… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2026-56077 | 2026-06-24 06:17 | 2026-06-19 |
| 1546 | 7.5 | HIGH Network | - | - | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/*, but file_server later resolves the s… | CWE-22 Path Traversal; CWE-284 Improper Access Control | CVE-2026-52844 | 2026-06-24 06:17 | 2026-06-24 |
| 1547 | 6.5 | MEDIUM Network | - | - | The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-11989 | 2026-06-24 06:16 | 2026-06-19 |
| 1548 | 5.4 | MEDIUM Network | mattermost | mattermost_server | Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to enforce administrator authorization on the {{setDefaultInstance}} call within the {{/gitlab conne… | CWE-862 Missing Authorization | CVE-2026-5139 | 2026-06-24 05:50 | 2026-06-22 |
| 1549 | 6.4 | MEDIUM Network | mattermost | mattermost_server | Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to validate channel ownership of an existing subscription before applying edits which allows an auth… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-6062 | 2026-06-24 05:50 | 2026-06-22 |
| 1550 | 6.4 | MEDIUM Network | mattermost | mattermost_server | Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to… | CWE-306 Missing Authentication for Critical Function | CVE-2026-6673 | 2026-06-24 05:49 | 2026-06-22 |