|
1801
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48301
|
2026-06-10 23:46 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1802
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48304
|
2026-06-10 23:45 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1803
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47974
|
2026-06-10 23:33 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1804
|
7.3 |
HIGH
Network
|
-
|
-
|
Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted
|
CWE-295
Improper Certificate Validation
|
CVE-2026-9758
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1805
|
7.7 |
HIGH
Network
|
-
|
-
|
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…
|
CWE-22
Path Traversal
|
CVE-2026-49957
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1806
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP user…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47106
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1807
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_c…
|
CWE-94
Code Injection
|
CVE-2026-46432
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1808
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
|
CWE-20
Improper Input Validation
|
CVE-2026-0415
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1809
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
|
CWE-94
Code Injection
|
CVE-2026-0414
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1810
|
6.1 |
MEDIUM
Network
|
apache
|
answer
|
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
Timeline-related APIs lacked proper authorization …
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-25699
|
2026-06-10 22:38 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
