|
291
|
8.0 |
HIGH
Network
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
New
|
-
|
CVE-2026-41724
|
2026-06-8 23:59 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11569
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293
|
- |
|
-
|
-
|
## Summary
The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`C…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-47430
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294
|
7.4 |
HIGH
Network
|
-
|
-
|
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN sit…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-50752
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295
|
7.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Gr…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-11577
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in…
New
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11492
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipul…
New
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11497
|
2026-06-8 23:57 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298
|
3.8 |
LOW
Network
|
-
|
-
|
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2025-12656
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7523
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300
|
7.5 |
HIGH
Network
|
-
|
-
|
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) functi…
New
|
CWE-22
Path Traversal
|
CVE-2026-9290
|
2026-06-8 23:57 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
