|
3611
|
8.8 |
HIGH
Network
|
jetbrains
|
intellij_idea
|
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
|
CWE-862
Missing Authorization
|
CVE-2026-49367
|
2026-06-1 22:56 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3612
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with viewer-level access can submit a request containin…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-49094
|
2026-06-1 22:31 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3613
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent po…
|
CWE-20
Improper Input Validation
|
CVE-2026-49095
|
2026-06-1 22:30 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3614
|
7.8 |
HIGH
Local
|
canonical
|
multipass
|
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd da…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-49237
|
2026-06-1 22:27 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3615
|
8.4 |
HIGH
Local
|
canonical
|
multipass
|
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment …
|
CWE-22
Path Traversal
|
CVE-2026-49238
|
2026-06-1 22:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3616
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10244
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3617
|
3.5 |
LOW
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipul…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10245
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3618
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/mai…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10246
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3619
|
3.5 |
LOW
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The ma…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-10247
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3620
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function create_supplier of the file /Export_csv/export of the component Supplie…
|
CWE-74
CWE-1236
Injection
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-10248
|
2026-06-1 22:14 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
