|
91
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-15658
|
2026-06-16 01:16 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
5.3 |
MEDIUM
Network
|
axios
|
axios
|
Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Obj…
Update
|
CWE-113
CWE-1321
HTTP Response Splitting
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44489
|
2026-06-16 01:13 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
7.5 |
HIGH
Network
|
vllm
|
vllm
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processi…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5497
|
2026-06-16 01:11 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
9.8 |
CRITICAL
Network
|
splunk
|
splunk
|
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-20253
|
2026-06-16 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
10.0 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-47928
|
2026-06-16 00:20 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
9.1 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privi…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-47929
|
2026-06-16 00:18 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
8.1 |
HIGH
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage thi…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-47930
|
2026-06-16 00:18 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
9.9 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-47931
|
2026-06-16 00:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
9.6 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature…
Update
|
CWE-22
Path Traversal
|
CVE-2026-47932
|
2026-06-16 00:12 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
5.4 |
MEDIUM
Network
|
adobe
|
coldfusion
|
ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vu…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-47933
|
2026-06-16 00:11 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
