|
4061
|
7.7 |
HIGH
Network
|
-
|
-
|
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…
|
CWE-22
Path Traversal
|
CVE-2026-49957
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4062
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP user…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47106
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4063
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_c…
|
CWE-94
Code Injection
|
CVE-2026-46432
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4064
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
|
CWE-20
Improper Input Validation
|
CVE-2026-0415
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4065
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
|
CWE-94
Code Injection
|
CVE-2026-0414
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4066
|
6.1 |
MEDIUM
Network
|
apache
|
answer
|
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
Timeline-related APIs lacked proper authorization …
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-25699
|
2026-06-10 22:38 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4067
|
6.5 |
MEDIUM
Network
|
apache
|
answer
|
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
A crafted TIFF image could trigger excessive memory allocation durin…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-33582
|
2026-06-10 22:37 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4068
|
6.5 |
MEDIUM
Network
|
apache
|
answer
|
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
The server did not sufficiently validate user-supplied image URLs, a…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-34031
|
2026-06-10 22:28 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4069
|
6.5 |
MEDIUM
Network
|
apache
|
answer
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
The unlisted question feature did not enforce access rest…
|
CWE-200
Information Exposure
|
CVE-2026-34905
|
2026-06-10 22:28 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4070
|
6.1 |
MEDIUM
Network
|
apache
|
answer
|
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
AI-generated response content was rendered in the browser without pr…
|
CWE-87
Improper Neutralization of Alternate XSS Syntax
|
CVE-2026-25688
|
2026-06-10 22:12 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
