|
1601
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-53946
|
2026-06-26 05:17 |
2026-06-25 |
|
|
|
|
1602
|
- |
|
-
|
-
|
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NC_SECURE_ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rend…
|
CWE-79
Cross-site Scripting
|
CVE-2026-53929
|
2026-06-26 05:17 |
2026-06-24 |
|
|
|
|
1603
|
- |
|
-
|
-
|
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).
DPA Countermeasures …
|
CWE-331
Insufficient Entropy
|
CVE-2026-4930
|
2026-06-26 05:17 |
2026-06-26 |
|
|
|
|
1604
|
- |
|
-
|
-
|
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during pl…
|
CWE-22
Path Traversal
|
CVE-2026-49246
|
2026-06-26 05:17 |
2026-06-25 |
|
|
|
|
1605
|
8.8 |
HIGH
Network
|
-
|
-
|
Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materialize…
|
CWE-20, CWE-73
Improper Input Validation; External Control of File Name or Path
|
CVE-2026-48720
|
2026-06-26 05:17 |
2026-06-25 |
|
|
|
|
1606
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's __call method accepts an order_id parameter and fetches the associ…
|
CWE-284, CWE-639, CWE-862
Improper Access Control; Authorization Bypass Through User-Controlled Key; Missing Authorization
|
CVE-2026-27708
|
2026-06-26 05:17 |
2026-06-25 |
|
|
|
|
1607
|
7.5 |
HIGH
Network
|
-
|
-
|
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function.
pairwise() collects the values returned by the block into a heap buffer sized to the longer in…
|
CWE-122, CWE-787
Heap-based Buffer Overflow; Out-of-bounds Write
|
CVE-2026-12844
|
2026-06-26 05:17 |
2026-06-26 |
|
|
|
|
1608
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
CWE-89
SQL Injection
|
CVE-2025-61021
|
2026-06-26 05:17 |
2026-06-24 |
|
|
|
|
1609
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
CWE-89
SQL Injection
|
CVE-2025-61019
|
2026-06-26 05:17 |
2026-06-24 |
|
|
|
|
1610
|
7.5 |
HIGH
Network
|
-
|
-
|
The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-1840
|
2026-06-26 05:16 |
2026-06-25 |
|
|
|