|
3241
|
5.9 |
MEDIUM
Network
|
-
|
-
|
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48682
|
2026-06-5 01:28 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3242
|
7.5 |
HIGH
Network
|
-
|
-
|
An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-37462
|
2026-06-5 01:28 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3243
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI mo…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39107
|
2026-06-5 01:28 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3244
|
9.8 |
CRITICAL
Network
|
-
|
-
|
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.
|
CWE-113
HTTP Response Splitting
|
CVE-2026-38967
|
2026-06-5 01:26 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3245
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
|
CWE-78
OS Command
|
CVE-2026-36576
|
2026-06-5 01:26 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3246
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2026-33553
|
2026-06-5 01:25 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3247
|
5.4 |
MEDIUM
Network
|
-
|
-
|
LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG pa…
|
CWE-436
Interpretation Conflict
|
CVE-2026-40930
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3248
|
9.6 |
CRITICAL
Network
|
-
|
-
|
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HT…
|
CWE-78
OS Command
|
CVE-2026-35906
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3249
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects WriteUp Mo…
|
CWE-284
CWE-862
Improper Access Control
Missing Authorization
|
CVE-2026-5228
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3250
|
9.9 |
CRITICAL
Network
|
-
|
-
|
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
|
CWE-863
Incorrect Authorization
|
CVE-2026-41283
|
2026-06-5 01:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
