| 121 | 6.5 | MEDIUM Network | - | - | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through N… | New | CWE-284 Improper Access Control | CVE-2026-53520 | 2026-06-15 23:16 | 2026-06-13 |
| 122 | 10.0 | CRITICAL Network | - | - | Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builde… | New | CWE-94 Code Injection | CVE-2026-52704 | 2026-06-15 23:16 | 2026-06-15 |
| 123 | 7.5 | HIGH Network | - | - | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser. | New | CWE-674 Uncontrolled Recursion | CVE-2026-4870 | 2026-06-15 23:16 | 2026-06-13 |
| 124 | 8.8 | HIGH Network | - | - | Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0. | New | CWE-266 Incorrect Privilege Assignment | CVE-2026-49111 | 2026-06-15 23:16 | 2026-06-15 |
| 125 | 7.5 | HIGH Network | - | - | Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49. | New | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2026-49064 | 2026-06-15 23:16 | 2026-06-15 |
| 126 | 8.8 | HIGH Network | - | - | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7. | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2026-49062 | 2026-06-15 23:16 | 2026-06-15 |
| 127 | 6.5 | MEDIUM Network | - | - | Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 versions. | New | CWE-862 Missing Authorization | CVE-2026-48969 | 2026-06-15 23:16 | 2026-06-15 |
| 128 | 6.4 | MEDIUM Network | - | - | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or updat… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-47268 | 2026-06-15 23:16 | 2026-06-13 |
| 129 | 9.3 | CRITICAL Network | - | - | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` pr… | New | CWE-79 Cross-site Scripting | CVE-2026-44990 | 2026-06-15 23:16 | 2026-06-13 |
| 130 | - | | - | - | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An… | New | CWE-863 Incorrect Authorization | CVE-2026-34023 | 2026-06-15 23:16 | 2026-06-15 |