|
751
|
- |
|
-
|
-
|
PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of…
|
CWE-20
CWE-943
Improper Input Validation
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-47181
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without ver…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47189
|
2026-06-12 05:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
7.3 |
HIGH
Network
|
-
|
-
|
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes …
|
CWE-78
OS Command
|
CVE-2026-48547
|
2026-06-12 05:57 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
7.6 |
HIGH
Network
|
-
|
-
|
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-11774
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
- |
|
-
|
-
|
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulat…
|
CWE-269
Improper Privilege Management
|
CVE-2026-45176
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
- |
|
-
|
-
|
Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submittin…
|
CWE-284
Improper Access Control
|
CVE-2026-45177
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
- |
|
-
|
-
|
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credenti…
|
CWE-284
Improper Access Control
|
CVE-2026-45178
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-53702
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partiti…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-53701
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
- |
|
-
|
-
|
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security c…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-45175
|
2026-06-12 05:56 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
