| 1101 | - | | - | - | Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker … | CWE-306: Missing Authentication for Critical Function | CVE-2026-13164 | 2026-06-26 04:58 | 2026-06-25 |
| 1102 | 7.7 | HIGH Network | - | - | AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a… | CWE-400: Uncontrolled Resource Consumption | CVE-2026-33235 | 2026-06-26 04:58 | 2026-06-25 |
| 1103 | - | | - | - | FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. D… | CWE-288: Authentication Bypass Using an Alternate Path or Channel; CWE-306: Missing Authentication for Critical Function | CVE-2026-33543 | 2026-06-26 04:58 | 2026-06-25 |
| 1104 | 5.5 | MEDIUM Network | - | - | Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated administrators to read arbitrary files from the serv… | CWE-22: Path Traversal | CVE-2026-55439 | 2026-06-26 04:58 | 2026-06-26 |
| 1105 | 7.8 | HIGH Local | - | - | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py) passes VM domain names, read directly fr… | CWE-78: OS Command | CVE-2026-46606 | 2026-06-26 04:58 | 2026-06-26 |
| 1106 | 7.8 | HIGH Local | - | - | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load() to read a version-check cache file stored at a predictable, world-accessible pa… | CWE-502: Deserialization of Untrusted Data | CVE-2026-46607 | 2026-06-26 04:58 | 2026-06-26 |
| 1107 | 7.5 | HIGH Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from… | CWE-22: Path Traversal; CWE-59: Link Following | CVE-2026-54094 | 2026-06-26 04:58 | 2026-06-26 |
| 1108 | 7.8 | HIGH Local | - | - | Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets > (file redirection), \| (pipe), and && (command ch… | CWE-22: Path Traversal | CVE-2026-53925 | 2026-06-26 04:58 | 2026-06-26 |
| 1109 | - | | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Brows… | CWE-78: OS Command; CWE-88: Argument Injection; CWE-306: Missing Authentication for Critical Function | CVE-2026-54088 | 2026-06-26 04:58 | 2026-06-26 |
| 1110 | 9.1 | CRITICAL Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with … | CWE-287: Improper Authentication; CWE-290: Authentication Bypass by Spoofing | CVE-2026-54089 | 2026-06-26 04:58 | 2026-06-26 |