|
761
|
- |
|
-
|
-
|
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PD…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-45802
|
2026-06-12 05:51 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
762
|
8.1 |
HIGH
Network
|
-
|
-
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-46622
|
2026-06-12 05:50 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
763
|
5.3 |
MEDIUM
Network
|
-
|
-
|
CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-49949
|
2026-06-12 05:50 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
764
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missi…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-53781
|
2026-06-12 05:50 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
765
|
7.4 |
HIGH
Network
|
-
|
-
|
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresse…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-53782
|
2026-06-12 05:50 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
766
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by n…
|
CWE-93
CRLF Injection
|
CVE-2026-50638
|
2026-06-12 05:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
767
|
8.2 |
HIGH
Network
|
-
|
-
|
Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections.
The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent p…
|
CWE-93
CRLF Injection
|
CVE-2026-50637
|
2026-06-12 05:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
768
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2026-12038
|
2026-06-12 05:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
769
|
4.0 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability s…
|
CWE-758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
CVE-2024-58350
|
2026-06-12 04:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
770
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42916
|
2026-06-12 04:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
