|
261
|
3.1 |
LOW
Network
|
-
|
-
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a …
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-7666
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
3.1 |
LOW
Network
|
-
|
-
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitive…
New
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-8404
|
2026-06-5 00:21 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
- |
|
-
|
-
|
Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj…
New
|
CWE-93
CRLF Injection
|
CVE-2026-8722
|
2026-06-5 00:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
7.5 |
HIGH
Network
|
-
|
-
|
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.
The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu…
New
|
CWE-416
Use After Free
|
CVE-2026-8829
|
2026-06-5 00:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
7.5 |
HIGH
Network
|
-
|
-
|
Dell BSAFE SSL-J contains an allocation of resources without limits or throttling vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to a Denial o…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-46638
|
2026-06-5 00:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
- |
|
-
|
-
|
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticat…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7888
|
2026-06-5 00:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection.
This issue affects TeknoPass: f…
New
|
CWE-89
SQL Injection
|
CVE-2026-4104
|
2026-06-5 00:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
- |
|
-
|
-
|
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enab…
New
|
CWE-200
Information Exposure
|
CVE-2026-10854
|
2026-06-5 00:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
- |
|
-
|
-
|
An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already e…
New
|
CWE-862
Missing Authorization
|
CVE-2026-10855
|
2026-06-5 00:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
- |
|
-
|
-
|
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation …
New
|
CWE-601
Open Redirect
|
CVE-2026-10856
|
2026-06-5 00:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
