CVE-2026-49232 - Routinator exits when accepting an incoming HTTP or RTR connection fails
CVE ID :CVE-2026-49232
Published : June 8, 2026, 12:58 p.m. | 2 hours, 2 minutes ago
Description :Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affects users that make their HTTP or RTR server available to untrusted networks.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49233 - Routinator cache path traversal using rogue rsync URIs
CVE ID :CVE-2026-49233
Published : June 8, 2026, 12:58 p.m. | 2 hours, 1 minute ago
Description :Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache.
Severity: 8.3 | HIGH
CVE-2026-49234 - Routinator crashes on specifically crafted ASN strings in the API
CVE ID :CVE-2026-49234
Published : June 8, 2026, 12:58 p.m. | 2 hours, 1 minute ago
Description :When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks.
Severity: 8.2 | HIGH
CVE-2026-49235 - Routinator crashes on specifically crafted RRDP XML files
CVE ID :CVE-2026-49235
Published : June 8, 2026, 12:59 p.m. | 2 hours, 1 minute ago
Description :When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
Severity: 8.7 | HIGH
CVE-2026-11516 - UTT HiPER 2610G formNatStaticMap strcpy buffer overflow
CVE ID :CVE-2026-11516
Published : June 8, 2026, 1 p.m. | 2 hours ago
Description :A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used.
Severity: 0.0 | NA
CVE-2026-11517 - UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow
CVE ID :CVE-2026-11517
Published : June 8, 2026, 1:15 p.m. | 1 hour, 45 minutes ago
Description :A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
CVE-2026-11511 - Bolt CMS HTML Attribute TextType.php HTML injection
CVE ID :CVE-2026-11511
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The GitHub repository was archived by the owner and is now read-only. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 4.0 | MEDIUM
CVE-2026-11512 - itsourcecode Hospital Management System billing.php cross site scripting
CVE ID :CVE-2026-11512
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.0 | MEDIUM
CVE-2026-11513 - itsourcecode Hospital Management System adminaccount.php sql injection
CVE ID :CVE-2026-11513
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
CVE-2026-11514 - itsourcecode Hospital Management System addpatient.php sql injection
CVE ID :CVE-2026-11514
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
CVE-2026-11515 - SourceCodester Barangay Resident Profiling and Information Management System Password Reset passsword_reset.php hard-coded password
CVE ID :CVE-2026-11515
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the component Password Reset Handler. Such manipulation of the argument new_password with the input password123 leads to use of hard-coded password. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
CVE-2026-11577 - Keycloak: keycloak: privilege escalation via partialimport fgap permission bypass
CVE ID :CVE-2026-11577
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importing users with realm-admin role mappings.
Severity: 7.2 | HIGH
CVE-2026-7186 - Fix stored XSS in URL dashboard widget via dangerous URI schemes
CVE ID :CVE-2026-7186
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a dangerous URI scheme such as javascript: that executes scripts in other users' browsers when they view the dashboard.
Severity: 8.5 | HIGH
CVE-2026-7765 - User Messages widget leaked issuer messages on shared dashboards
CVE ID :CVE-2026-7765
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by sending requests to the underlying endpoint, even without a User Messages widget present.
Severity: 6.3 | MEDIUM
CVE-2026-8078 - Fix stored XSS in global settings change log
CVE ID :CVE-2026-8078
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the Activate Changes page or Audit log.
Severity: 4.8 | MEDIUM
CVE-2026-8833 - XSS in urls
CVE ID :CVE-2026-8833
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, 2.2.0 <2.3.0p48, <2.4.0p31,
Severity: 8.5 | HIGH
CVE-2026-9549 - Fix XSS in service discovery active check output
CVE ID :CVE-2026-9549
Published : June 8, 2026, 1:16 p.m. | 1 hour, 44 minutes ago
Description :Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, 2.2.0 <2.3.0p48, <2.4.0p31,
Severity: 4.8 | MEDIUM
CVE-2026-11518 - SourceCodester Inventory System User Management users.php cross site scripting
CVE ID :CVE-2026-11518
Published : June 8, 2026, 1:30 p.m. | 1 hour, 30 minutes ago
Description :A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
CVE-2026-11519 - SourceCodester Inventory System Account Creation users_handler.php improper authorization
CVE ID :CVE-2026-11519
Published : June 8, 2026, 1:45 p.m. | 1 hour, 15 minutes ago
Description :A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity: 0.0 | NA
CVE-2026-11520 - SourceCodester Inventory System header.php cross site scripting
CVE ID :CVE-2026-11520
Published : June 8, 2026, 2 p.m. | 1 hour ago
Description :A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Multiple parameters might be affected.
Severity: 0.0 | NA
CVE-2026-25558 - QloApps 1.7.0 Stored XSS via SVG File Upload in Admin File Manager
CVE ID :CVE-2026-25558
Published : June 8, 2026, 2:01 p.m. | 59 minutes ago
Description :QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded through the file manager to execute arbitrary scripts in the browser of any user who subsequently views the file.
Severity: 4.8 | MEDIUM