|
891
|
5.3 |
MEDIUM
Network
|
-
|
-
|
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authen…
New
|
CWE-287
Improper Authentication
|
CVE-2026-45289
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
892
|
4.9 |
MEDIUM
Network
|
-
|
-
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io extension sandbox injects a fully-functional HTTP cli…
New
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-41412
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
893
|
6.5 |
MEDIUM
Network
|
-
|
-
|
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter tha…
New
|
CWE-20
CWE-191
Improper Input Validation
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-35049
|
2026-06-5 01:12 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
894
|
8.5 |
HIGH
Network
|
-
|
-
|
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHI…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49120
|
2026-06-5 01:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
895
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /_log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitti…
New
|
CWE-94
Code Injection
|
CVE-2026-49143
|
2026-06-5 01:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
896
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files.…
New
|
CWE-22
Path Traversal
|
CVE-2026-49144
|
2026-06-5 01:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
897
|
5.9 |
MEDIUM
Network
|
-
|
-
|
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password ha…
New
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-25861
|
2026-06-5 01:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
898
|
3.6 |
LOW
Local
|
-
|
-
|
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Han…
New
|
CWE-327
CWE-328
Use of a Broken or Risky Cryptographic Algorithm
Use of Weak Hash
|
CVE-2026-10766
|
2026-06-5 01:10 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
899
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-10597
|
2026-06-5 01:10 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
900
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL …
New
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-10802
|
2026-06-5 01:10 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
