|
3321
|
5.3 |
MEDIUM
Network
|
-
|
-
|
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rathe…
|
CWE-248
CWE-770
Uncaught Exception
Allocation of Resources Without Limits or Throttling
|
CVE-2026-45554
|
2026-06-3 02:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3322
|
7.5 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation.
This issue affects BookIt: from n/a before 2.5.4.1.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40780
|
2026-06-3 02:11 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3323
|
7.1 |
HIGH
Network
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation.
This issue affects Wallet System for WooComme…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-42654
|
2026-06-3 02:11 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3324
|
8.8 |
HIGH
Network
|
tanium
|
connect
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
CWE-78
OS Command
|
CVE-2026-9208
|
2026-06-3 01:29 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3325
|
8.8 |
HIGH
Network
|
samsung
|
escargot
|
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.
This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8915
|
2026-06-3 01:23 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3326
|
8.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a sho…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-5260
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3327
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data to …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-45729
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3328
|
8.2 |
HIGH
Network
|
-
|
-
|
parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into nes…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-45302
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3329
|
- |
|
-
|
-
|
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ulti…
|
CWE-22
Path Traversal
|
CVE-2026-44593
|
2026-06-3 01:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3330
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content.
Package keys read from build/packages/packages.t…
|
CWE-22
Path Traversal
|
CVE-2026-43965
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
