|
111
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-46313
|
2026-06-15 23:24 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
5.4 |
MEDIUM
Network
|
microsoft
|
exchange_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-47631
|
2026-06-15 23:19 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve…
New
|
CWE-200
Information Exposure
|
CVE-2026-8385
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server w…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-6517
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26…
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-5242
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding.
This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
New
|
CWE-799
Improper Control of Interaction Frequency
|
CVE-2026-5233
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
7.1 |
HIGH
Network
|
-
|
-
|
Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Pizzy Li…
New
|
CWE-284
CWE-862
Improper Access Control
Missing Authorization
|
CVE-2026-5230
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
7.5 |
HIGH
Network
|
-
|
-
|
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket no…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5079
|
2026-06-15 23:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
7.8 |
HIGH
Local
|
microsoft
|
visual_studio_code
|
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
Update
|
CWE-94
CWE-829
Code Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-47292
|
2026-06-15 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
7.6 |
HIGH
Network
|
-
|
-
|
Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the lo…
New
|
CWE-59
Link Following
|
CVE-2026-54056
|
2026-06-15 23:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
