|
131
|
5.3 |
MEDIUM
Network
|
-
|
-
|
When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or log…
New
|
-
|
CVE-2026-42507
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
- |
|
-
|
-
|
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync
attack (request smuggling), which in turn can be…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-50052
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
7.5 |
HIGH
Network
|
-
|
-
|
ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform m…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-50031
|
2026-06-5 01:15 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
- |
|
-
|
-
|
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocat…
New
|
CWE-367
CWE-770
Time-of-check Time-of-use (TOCTOU) Race Condition
Allocation of Resources Without Limits or Throttling
|
CVE-2026-35202
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
5.3 |
MEDIUM
Network
|
-
|
-
|
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authen…
New
|
CWE-287
Improper Authentication
|
CVE-2026-45289
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
4.9 |
MEDIUM
Network
|
-
|
-
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP cli…
New
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-41412
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
6.5 |
MEDIUM
Network
|
-
|
-
|
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter tha…
New
|
CWE-20
CWE-191
Improper Input Validation
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-35049
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
- |
|
-
|
-
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable bo…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-35212
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
8.5 |
HIGH
Network
|
-
|
-
|
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHI…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49120
|
2026-06-5 01:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitti…
New
|
CWE-94
Code Injection
|
CVE-2026-49143
|
2026-06-5 01:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
