|
711
|
5.4 |
MEDIUM
Network
|
nuxt
|
nuxt
nuxt\/nitro-server
|
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.…
|
CWE-79
CWE-349
CWE-444
Cross-site Scripting
Acceptance of Extraneous Untrusted Data With Trusted Data
HTTP Request Smuggling
|
CVE-2026-46342
|
2026-06-16 03:09 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
712
|
5.4 |
MEDIUM
Network
|
nuxt
|
nuxt\/rspack-builder
nuxt\/webpack-builder
|
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incompl…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-45670
|
2026-06-16 03:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
713
|
9.8 |
CRITICAL
Network
|
apache
|
cxf
|
A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this
security feature inadv…
|
CWE-20
Improper Input Validation
|
CVE-2026-50628
|
2026-06-16 03:07 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
714
|
9.1 |
CRITICAL
Network
|
apache
|
cxf
|
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replay…
|
CWE-289
Authentication Bypass by Alternate Name
|
CVE-2026-50627
|
2026-06-16 03:07 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
715
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53441
|
2026-06-16 03:05 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
716
|
7.2 |
HIGH
Network
|
qnap
|
quts_hero
|
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-62850
|
2026-06-16 02:59 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
717
|
7.5 |
HIGH
Network
|
image-size
|
image-size
|
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2025-71319
|
2026-06-16 02:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
718
|
7.5 |
HIGH
Network
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the applica…
|
CWE-20
Improper Input Validation
|
CVE-2026-34712
|
2026-06-16 02:42 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
719
|
7.5 |
HIGH
Network
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust s…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34713
|
2026-06-16 02:42 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
720
|
6.2 |
MEDIUM
Local
|
adobe
|
c2pa
c2pa-web
|
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust s…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-47902
|
2026-06-16 02:42 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
