| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44584 | — | med | 0.26 | — | — | Jun 22, 2026 | ### Summary The email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address. ### Technical Details… | |
| CVE-2026-44583 | — | med | 0.26 | — | — | Jun 22, 2026 | ### Summary The PayPal webhook endpoint `/extensions/paypal/webhook` processes the `PAYPAL-CERT-URL` HTTP header without validation, allowing attackers to control server-side HTTP request destinations. ### Technical details: The `/extensions/paypal/webhook` endpoint processes… | |
| CVE-2026-54651 | 0.00 | — | 0.00 | Jun 22, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1. | |||
| CVE-2026-44517 | — | med | 0.26 | — | — | Jun 22, 2026 | ### Impact When processing a build contexts or `add`/`copy` instructions, a malicious server serving a Git repository or a tar archive file can cause files outside of the build context directory to be included in the build context or copied into the build. ### Patches Fixed… | |
| CVE-2026-44203 | — | cri | 0.59 | — | — | Jun 22, 2026 | ### Summary The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the `form_post` response mode. This may allow an attacker to inject content into the… | |
| CVE-2026-39904 | 0.00 | — | 0.00 | Jun 22, 2026 | Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes… | |||
| CVE-2026-44202 | — | med | 0.26 | — | — | Jun 22, 2026 | OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway. The… | |
| CVE-2026-44179 | — | cri | 0.59 | — | — | Jun 22, 2026 | ### Summary The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code… | |
| CVE-2026-55599 | 0.00 | — | 0.00 | Jun 22, 2026 | phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature() reads a URL out of that certificate's Authority Information Access (AIA)… | |||
| CVE-2026-41573 | — | hig | 0.45 | — | — | Jun 22, 2026 | OpenAM (Open Identity Platform) is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under `/json/{realm}/users`. In `IdentityResourceV1.queryCollection()`, the HTTP query parameter… | |
| CVE-2026-33731 | — | med | 0.19 | — | — | Jun 22, 2026 | ## Summary The Authorize.Net webhook handler at `plugin/AuthorizeNet/webhook.php` contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small… | |
| CVE-2026-33692 | — | hig | 0.38 | — | — | Jun 22, 2026 | ## Vulnerability Details **CWE**: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official `docker-compose.yml` (line 61) mounts the entire project root directory as the Apache document root: ```yaml volumes: -… | |
| CVE-2026-10852 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server. | |||
| CVE-2026-44271 | 0.00 | — | 0.00 | Jun 22, 2026 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to… | |||
| CVE-2026-44272 | 0.00 | — | 0.00 | Jun 22, 2026 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to… | |||
| CVE-2026-44273 | 0.00 | — | 0.00 | Jun 22, 2026 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure. | |||
| CVE-2026-44274 | 0.00 | — | 0.00 | Jun 22, 2026 | Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||
| CVE-2026-53779 | 0.00 | — | 0.00 | Jun 22, 2026 | WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in… | |||
| CVE-2026-11834 | 0.00 | — | 0.00 | Jun 22, 2026 | A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP… | |||
| CVE-2026-33684 | med | 0.19 | — | — | Jun 22, 2026 | ## Summary The `set_api_signUp` method in the API plugin accepts `emailVerified`, `canUpload`, `canStream`, and `canCreateMeet` parameters from user-supplied input and applies them to newly created accounts without verifying that the request was authenticated with a valid… | ||
| CVE-2026-55443 | 0.00 | — | 0.00 | Jun 22, 2026 | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors… | |||
| CVE-2026-33646 | cri | 0.59 | — | 0.01 | Jun 22, 2026 | ## Summary Mise processes `.tool-versions` files through the Tera template engine during parsing, with the `exec()` function registered, enabling arbitrary command execution. Unlike `.mise.toml` files, `.tool-versions` files are **not subject to trust verification** in… | ||
| CVE-2026-10789 | 0.00 | — | 0.00 | Jun 22, 2026 | A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the… | |||
| CVE-2026-32315 | med | 0.26 | — | 0.03 | Jun 22, 2026 | # Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye ## Summary motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local… | ||
| CVE-2026-31978 | med | 0.26 | — | 0.00 | Jun 22, 2026 | ### Summary motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/{filename}`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the… | ||
| CVE-2026-25119 | hig | 0.38 | — | 0.01 | Jun 22, 2026 | ## Summary When `ENABLE_REVERSE_PROXY_AUTHENTICATION` is enabled, Gogs accepts the configured authentication header (default: `X-WEBAUTH-USER`) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can… | ||
| CVE-2025-64719 | med | 0.19 | — | 0.00 | Jun 22, 2026 | ### Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. … | ||
| CVE-2026-42127 | 0.00 | — | 0.00 | Jun 22, 2026 | The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid… | |||
| CVE-2026-56109 | 0.00 | — | 0.00 | Jun 22, 2026 | The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array… | |||
| CVE-2026-12249 | 0.00 | — | 0.00 | Jun 22, 2026 | An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py),… | |||
| CVE-2026-11994 | 0.00 | — | 0.00 | Jun 22, 2026 | Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report. | |||
| CVE-2026-41049 | 0.00 | — | 0.00 | Jun 22, 2026 | Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them. | |||
| CVE-2026-41048 | 0.00 | — | 0.00 | Jun 22, 2026 | Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot". | |||
| CVE-2026-11943 | 0.00 | — | 0.00 | Jun 22, 2026 | Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name. | |||
| CVE-2026-41047 | 0.00 | — | 0.00 | Jun 22, 2026 | Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information. | |||
| CVE-2026-7253 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating… | |||
| CVE-2026-12479 | 0.00 | — | 0.00 | Jun 22, 2026 | A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to… | |||
| CVE-2026-50178 | 0.00 | — | 0.00 | Jun 22, 2026 | The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option (located in client/src/client.ts). This… | |||
| CVE-2026-41046 | 0.00 | — | 0.00 | Jun 22, 2026 | A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root. | |||
| CVE-2026-8934 | 0.00 | — | 0.00 | Jun 22, 2026 | A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This… | |||
| CVE-2026-11942 | 0.00 | — | 0.00 | Jun 22, 2026 | Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name. | |||
| CVE-2026-41045 | 0.00 | — | 0.00 | Jun 22, 2026 | A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user. | |||
| CVE-2026-49241 | 0.00 | — | 0.00 | Jun 22, 2026 | The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace… | |||
| CVE-2026-9320 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to… | |||
| CVE-2026-9071 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to… | |||
| CVE-2026-9006 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure. | |||
| CVE-2026-8646 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to… | |||
| CVE-2026-10845 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. | |||
| CVE-2024-51454 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to… | |||
| CVE-2023-33854 | 0.00 | — | 0.00 | Jun 22, 2026 | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques. |
- risk 0.26cvss —epss —
### Summary The email update functionality fails to invalidate the existing verification state when a user changes their email address, allowing a verified account to retain its verified status after switching to an unverified or unowned email address. ### Technical Details…
- risk 0.26cvss —epss —
### Summary The PayPal webhook endpoint `/extensions/paypal/webhook` processes the `PAYPAL-CERT-URL` HTTP header without validation, allowing attackers to control server-side HTTP request destinations. ### Technical details: The `/extensions/paypal/webhook` endpoint processes…
- CVE-2026-54651Jun 22, 2026risk 0.00cvss —epss 0.00
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1.
- risk 0.26cvss —epss —
### Impact When processing a build contexts or `add`/`copy` instructions, a malicious server serving a Git repository or a tar archive file can cause files outside of the build context directory to be included in the build context or copied into the build. ### Patches Fixed…
- risk 0.59cvss —epss —
### Summary The OAuth 2.0 / OpenID Connect authorization endpoint does not sufficiently sanitize certain user-supplied parameters before incorporating them into the HTML response generated for the `form_post` response mode. This may allow an attacker to inject content into the…
- CVE-2026-39904Jun 22, 2026risk 0.00cvss —epss 0.00
Gophish through 0.12.1 contains a denial of service vulnerability that allows authenticated users with the User role to exhaust server memory by uploading a crafted Office document as an email template attachment. The ApplyTemplate() function in models/attachment.go processes…
- risk 0.26cvss —epss —
OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway. The…
- risk 0.59cvss —epss —
### Summary The excerpt-include macro does not properly escape the title of the included page and executes the content of the excerpt with the macro's rights. Therefore, it is vulnerable to XWiki syntax injection via the included page's title and content, allowing remote code…
- CVE-2026-55599Jun 22, 2026risk 0.00cvss —epss 0.00
phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature() reads a URL out of that certificate's Authority Information Access (AIA)…
- risk 0.45cvss —epss —
OpenAM (Open Identity Platform) is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under `/json/{realm}/users`. In `IdentityResourceV1.queryCollection()`, the HTTP query parameter…
- risk 0.19cvss —epss —
## Summary The Authorize.Net webhook handler at `plugin/AuthorizeNet/webhook.php` contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small…
- risk 0.38cvss —epss —
## Vulnerability Details **CWE**: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory The official `docker-compose.yml` (line 61) mounts the entire project root directory as the Apache document root: ```yaml volumes: -…
- CVE-2026-10852Jun 22, 2026risk 0.00cvss —epss 0.00
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
- CVE-2026-44271Jun 22, 2026risk 0.00cvss —epss 0.00
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to…
- CVE-2026-44272Jun 22, 2026risk 0.00cvss —epss 0.00
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to…
- CVE-2026-44273Jun 22, 2026risk 0.00cvss —epss 0.00
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
- CVE-2026-44274Jun 22, 2026risk 0.00cvss —epss 0.00
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
- CVE-2026-53779Jun 22, 2026risk 0.00cvss —epss 0.00
WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with percent-encoded backslashes (%5C) that bypass the path.Clean() sanitization in…
- CVE-2026-11834Jun 22, 2026risk 0.00cvss —epss 0.00
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP…
- risk 0.19cvss —epss —
## Summary The `set_api_signUp` method in the API plugin accepts `emailVerified`, `canUpload`, `canStream`, and `canCreateMeet` parameters from user-supplied input and applies them to newly created accounts without verifying that the request was authenticated with a valid…
- CVE-2026-55443Jun 22, 2026risk 0.00cvss —epss 0.00
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors…
- risk 0.59cvss —epss 0.01
## Summary Mise processes `.tool-versions` files through the Tera template engine during parsing, with the `exec()` function registered, enabling arbitrary command execution. Unlike `.mise.toml` files, `.tool-versions` files are **not subject to trust verification** in…
- CVE-2026-10789Jun 22, 2026risk 0.00cvss —epss 0.00
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the…
- risk 0.26cvss —epss 0.03
# Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye ## Summary motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local…
- risk 0.26cvss —epss 0.00
### Summary motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/{filename}`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the…
- risk 0.38cvss —epss 0.01
## Summary When `ENABLE_REVERSE_PROXY_AUTHENTICATION` is enabled, Gogs accepts the configured authentication header (default: `X-WEBAUTH-USER`) directly from client requests without validating that the request originated from a trusted reverse proxy. Any remote attacker who can…
- risk 0.19cvss —epss 0.00
### Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. …
- CVE-2026-42127Jun 22, 2026risk 0.00cvss —epss 0.00
The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid…
- CVE-2026-56109Jun 22, 2026risk 0.00cvss —epss 0.00
The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array…
- CVE-2026-12249Jun 22, 2026risk 0.00cvss —epss 0.00
An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py),…
- CVE-2026-11994Jun 22, 2026risk 0.00cvss —epss 0.00
Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.
- CVE-2026-41049Jun 22, 2026risk 0.00cvss —epss 0.00
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
- CVE-2026-41048Jun 22, 2026risk 0.00cvss —epss 0.00
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
- CVE-2026-11943Jun 22, 2026risk 0.00cvss —epss 0.00
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail pages. An authenticated user can store HTML/JavaScript in their own profile name.
- CVE-2026-41047Jun 22, 2026risk 0.00cvss —epss 0.00
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
- CVE-2026-7253Jun 22, 2026risk 0.00cvss —epss 0.00
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating…
- CVE-2026-12479Jun 22, 2026risk 0.00cvss —epss 0.00
A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to…
- CVE-2026-50178Jun 22, 2026risk 0.00cvss —epss 0.00
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option (located in client/src/client.ts). This…
- CVE-2026-41046Jun 22, 2026risk 0.00cvss —epss 0.00
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
- CVE-2026-8934Jun 22, 2026risk 0.00cvss —epss 0.00
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This…
- CVE-2026-11942Jun 22, 2026risk 0.00cvss —epss 0.00
Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name.
- CVE-2026-41045Jun 22, 2026risk 0.00cvss —epss 0.00
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
- CVE-2026-49241Jun 22, 2026risk 0.00cvss —epss 0.00
The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace…
- CVE-2026-9320Jun 22, 2026risk 0.00cvss —epss 0.00
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to…
- CVE-2026-9071Jun 22, 2026risk 0.00cvss —epss 0.00
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to…
- CVE-2026-9006Jun 22, 2026risk 0.00cvss —epss 0.00
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
- CVE-2026-8646Jun 22, 2026risk 0.00cvss —epss 0.00
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to…
- CVE-2026-10845Jun 22, 2026risk 0.00cvss —epss 0.00
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.
- CVE-2024-51454Jun 22, 2026risk 0.00cvss —epss 0.00
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to…
- CVE-2023-33854Jun 22, 2026risk 0.00cvss —epss 0.00
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques.