|
2631
|
4.7 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33245
|
2026-06-5 03:43 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2632
|
7.3 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-8876
|
2026-06-5 03:42 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2633
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-8878
|
2026-06-5 03:42 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2634
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-8879
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2635
|
6.5 |
MEDIUM
Network
|
libxls_project
|
libxls
|
libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-26824
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2636
|
7.7 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-46447
|
2026-06-5 03:41 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2637
|
4.9 |
MEDIUM
Network
|
openstack
|
ironic
|
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-44917
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2638
|
8.1 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
|
CWE-23
Relative Path Traversal
|
CVE-2026-48681
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2639
|
5.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation.…
|
CWE-416
Use After Free
|
CVE-2026-50219
|
2026-06-5 03:39 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2640
|
7.5 |
HIGH
Network
|
solarwinds
|
web_help_desk
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-28299
|
2026-06-5 03:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
