| 391 | 9.8 | CRITICAL Network | jetbrains | hub | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was p… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-50242 | 2026-06-26 22:20 | 2026-06-19 |
| 392 | 8.8 | HIGH Network | jetbrains | goland | In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration | New | CWE-73: External Control of File Name or Path | CVE-2026-53915 | 2026-06-26 22:19 | 2026-06-19 |
| 393 | 8.1 | HIGH Network | - | - | Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, … | New | CWE-836: Use of Password Hash Instead of Password for Authentication | CVE-2026-9222 | 2026-06-26 22:16 | 2026-06-26 |
| 394 | 7.5 | HIGH Network | - | - | The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the bac… | New | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | CVE-2026-9221 | 2026-06-26 22:16 | 2026-06-26 |
| 395 | - | | - | - | An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges. | New | CWE-782: Exposed IOCTL with Insufficient Access Control | CVE-2026-8797 | 2026-06-26 22:16 | 2026-06-26 |
| 396 | 4.8 | MEDIUM Network | - | - | Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote … | New | CWE-79, CWE-918: Cross-site Scripting, Server-Side Request Forgery (SSRF) | CVE-2026-8661 | 2026-06-26 22:16 | 2026-06-26 |
| 397 | 7.1 | HIGH Network | - | - | libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds … | New | CWE-191: Integer Underflow (Wrap or Wraparound) | CVE-2026-57918 | 2026-06-26 22:16 | 2026-06-26 |
| 398 | - | | - | - | A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details. | New | CWE-94: Code Injection | CVE-2025-7958 | 2026-06-26 22:16 | 2026-06-26 |
| 399 | 9.8 | CRITICAL Network | jetbrains | hub | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible | New | CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CVE-2026-56141 | 2026-06-26 22:10 | 2026-06-19 |
| 400 | 8.8 | HIGH Network | jetbrains | hub | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible | New | CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes | CVE-2026-56142 | 2026-06-26 22:06 | 2026-06-19 |
|