| 1201 | 7.2 | HIGH, Network | apache | answer | Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after… | CWE-1259: Improper Restriction of Security Token Assignment | CVE-2026-25700 | 2026-06-12 09:50 | 2026-06-11 |
| 1202 | 8.3 | HIGH, Network | plane | plane | Plane is an open-source project management tool. Prior to version 1.3.1, a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in … | CWE-639: Authorization Bypass Through User-Controlled Key; CWE-862: Missing Authorization | CVE-2026-46558 | 2026-06-12 09:49 | 2026-06-11 |
| 1203 | 5.3 | MEDIUM, Network | openfga | helm_charts openfga | OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to O… | CWE-345: Insufficient Verification of Data Authenticity; CWE-668: Exposure of Resource to Wrong Sphere | CVE-2026-48096 | 2026-06-12 09:46 | 2026-06-11 |
| 1204 | - | | - | - | Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any released version of Zephyr: on every sup… | - | CVE-2026-10676 | 2026-06-12 09:16 | 2026-06-12 |
| 1205 | 9.8 | CRITICAL, Network | fortinet | fortisandbox fortisandbox_cloud fortisandbox_paas | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox… | CWE-78: OS Command | CVE-2026-25089 | 2026-06-12 06:39 | 2026-06-10 |
| 1206 | 6.5 | MEDIUM, Network | fortinet | fortiportal | An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <i… | CWE-284: Improper Access Control | CVE-2026-49938 | 2026-06-12 06:32 | 2026-06-10 |
| 1207 | 6.7 | MEDIUM, Local | fortinet | fortios fortiproxy | An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.… | CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State | CVE-2025-67862 | 2026-06-12 06:31 | 2026-06-10 |
| 1208 | - | | - | - | In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with pac… | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | CVE-2026-47174 | 2026-06-12 06:16 | 2026-06-12 |
| 1209 | 8.8 | HIGH, Network | - | - | mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOL… | CWE-863: Incorrect Authorization | CVE-2026-46519 | 2026-06-12 06:01 | 2026-06-12 |
| 1210 | 6.1 | MEDIUM, Network | - | - | mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags direct… | CWE-88: Argument Injection | CVE-2026-47250 | 2026-06-12 06:01 | 2026-06-12 |