| 261 | 9.9 | CRITICAL, Network | - | - | Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fissi… | New | CWE-250 (Execution with Unnecessary Privileges), CWE-269 (Improper Privilege Management) | CVE-2026-50566 | 2026-06-12 23:16 | 2026-06-11 |
| 262 | 8.8 | HIGH, Network | - | - | A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges. This issue affects Apache OFBiz: before 24.09.07. Users are recommended… | New | CWE-285 (Improper Authorization) | CVE-2026-47342 | 2026-06-12 23:16 | 2026-06-11 |
| 263 | - | - | - | - | Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an att… | New | CWE-77 (Command Injection), CWE-88 (Argument Injection), CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) | CVE-2026-46529 | 2026-06-12 23:16 | 2026-06-11 |
| 264 | 7.0 | HIGH, Network | - | - | Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerab… | New | CWE-94 (Code Injection), CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')) | CVE-2026-44495 | 2026-06-12 23:16 | 2026-06-12 |
| 265 | 7.5 | HIGH, Network | vmware | spring_for_graphql | The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are … | New | CWE-284 (Improper Access Control) | CVE-2026-41856 | 2026-06-12 23:14 | 2026-06-11 |
| 266 | 8.1 | HIGH, Network | vmware | spring_for_graphql | Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page,… | New | CWE-346 (Origin Validation Error) | CVE-2026-41700 | 2026-06-12 23:13 | 2026-06-11 |
| 267 | 7.5 | HIGH, Network | sqlfluff | sqlfluff | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be l… | New | CWE-674 (Uncontrolled Recursion) | CVE-2026-46373 | 2026-06-12 23:10 | 2026-06-10 |
| 268 | 7.5 | HIGH, Network | sqlfluff | sqlfluff | SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be l… | New | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-46374 | 2026-06-12 23:01 | 2026-06-10 |
| 269 | 7.5 | HIGH, Network | pipecat | pipecat | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pip… | New | CWE-22 (Path Traversal) | CVE-2026-44716 | 2026-06-12 23:00 | 2026-06-10 |
| 270 | 6.5 | MEDIUM, Network | qnap | file_station | A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (… | New | CWE-476 (NULL Pointer Dereference) | CVE-2026-22899 | 2026-06-12 22:49 | 2026-06-10 |