|
1521
|
8.2 |
HIGH
Network
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holdin…
|
CWE-22 CWE-59
Path Traversal Link Following
|
CVE-2026-55667
|
2026-06-26 13:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
6.5 |
MEDIUM
Network
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arb…
|
CWE-400 CWE-1284
Uncontrolled Resource Consumption Improper Validation of Specified Quantity in Input
|
CVE-2026-54092
|
2026-06-26 13:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/server.py) does not validate the HTTP Host header, leav…
|
CWE-346 CWE-350
Origin Validation Error Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CVE-2026-46611
|
2026-06-26 13:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
5.5 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05!
method (xchacha20poly1305, requires the +sodium feature) whos…
|
CWE-125 CWE-191
Out-of-bounds Read Integer Underflow (Wrap or Wraparound)
|
CVE-2026-57452
|
2026-06-26 13:12 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
6.1 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props() in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-57451
|
2026-06-26 13:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
6.6 |
MEDIUM
Local
|
nokogiri
|
nokogiri
|
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in pl…
|
CWE-416
Use After Free
|
CVE-2026-57438
|
2026-06-26 13:11 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
5.5 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefi…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-55892
|
2026-06-26 12:53 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
8.8 |
HIGH
Network
|
angular
|
angular_language_service
|
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom T…
|
CWE-79 CWE-94 CWE-427 CWE-494
Cross-site Scripting Code Injection Uncontrolled Search Path Element Download of Code Without Integrity Check
|
CVE-2026-49241
|
2026-06-26 12:47 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
8.8 |
HIGH
Network
|
angular
|
angular_language_service
|
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown ren…
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2026-50178
|
2026-06-26 11:57 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
5.4 |
MEDIUM
Network
|
coturn_project
|
coturn
|
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker w…
|
CWE-79
Cross-site Scripting
|
CVE-2026-43915
|
2026-06-26 11:35 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|