|
791
|
7.1 |
HIGH
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engin…
|
CWE-79
CWE-184
Cross-site Scripting
Incomplete Blacklist
|
CVE-2026-54070
|
2026-06-27 04:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
792
|
5.5 |
MEDIUM
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except …
|
CWE-863
Incorrect Authorization
|
CVE-2026-48493
|
2026-06-27 04:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
793
|
- |
|
-
|
-
|
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case…
|
CWE-200
CWE-522
Information Exposure
Insufficiently Protected Credentials
|
CVE-2026-50017
|
2026-06-27 04:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
794
|
- |
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-49277
|
2026-06-27 04:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
795
|
7.4 |
HIGH
Network
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation fo…
|
CWE-183
CWE-942
Permissive List of Allowed Inputs
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-46608
|
2026-06-27 04:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
796
|
8.5 |
HIGH
Network
|
-
|
-
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's sendFileMessage DDP method pas…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-45687
|
2026-06-27 04:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
797
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue ha…
|
CWE-89
SQL Injection
|
CVE-2026-39951
|
2026-06-27 04:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
798
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via suppl…
|
CWE-416
Use After Free
|
CVE-2025-60471
|
2026-06-27 04:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
799
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Servi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55639
|
2026-06-27 04:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
800
|
7.8 |
HIGH
Local
|
dell
|
wyse_management_suite
|
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially explo…
|
CWE-59
Link Following
|
CVE-2026-44274
|
2026-06-27 04:15 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
