|
431
|
- |
|
-
|
-
|
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery sca…
New
|
-
|
CVE-2026-9522
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
- |
|
-
|
-
|
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without …
New
|
-
|
CVE-2026-9590
|
2026-06-3 02:19 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
8.8 |
HIGH
Network
|
-
|
-
|
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-10591
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
6.1 |
MEDIUM
Physics
|
-
|
-
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerabilit…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40713
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
7.8 |
HIGH
Local
|
-
|
-
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le…
New
|
CWE-284
Improper Access Control
|
CVE-2026-40715
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enfor…
New
|
CWE-862
Missing Authorization
|
CVE-2026-35443
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the view…
New
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-35447
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
- |
|
-
|
-
|
NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40314
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied mode…
New
|
CWE-94
Code Injection
|
CVE-2026-47117
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling.
In lib/mint/http1/request.ex, the encode_requ…
New
|
CWE-93
CRLF Injection
|
CVE-2026-48861
|
2026-06-3 02:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
