20753 matches found
GHSA-FX2H-PF6J-XCFF vite: `server.fs.deny` bypass on Windows alternate paths
Summary: The contents of files that are specified by `server.fs.deny` can be returned to the browser on Windows.
Impact: Only apps that match the following conditions are affected:
- explicitly exposes the Vite dev server to the network using `--host` or `server.host` config option
- the sensitive file...
CVE-2026-52704
creationtimestamp| type| source
---|---|---
2026-06-15 15:00:13+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3modkepmag52l
2026-06-15 15:00:19+00:00| seen| https://infosec.exchange/users/offseq/statuses/116754717813611535
2026-06-15 15:56:20+00:00| seen|...
sql_injection_exploit.sh
CVE-2026-12217
creationtimestamp| type| source
---|---|---
2026-06-15 04:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116752241414863988
2026-06-15 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3moch6lbnsc2i
2026-06-15 05:00:05+00:00| seen|...
EUVD-2026-36677
A vulnerability has been found in Intelliants Subrion CMS up to 4.0.3. Affected by this issue is some unknown functionality of the component Blocks Endpoint. Such manipulation of the argument CSS class name leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2026-12193
creationtimestamp| type| source
---|---|---
2026-06-15 00:00:36+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3moby42wvt52y
2026-06-15 00:00:38+00:00| seen| https://infosec.exchange/users/offseq/statuses/116751180370821217
2026-06-15 01:00:26+00:00| seen|...
CVE-2026-50869
An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...
PT-2026-49351
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
PT-2026-49394
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
PT-2026-49358
Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...
PT-2026-49441
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
PT-2026-49518
Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...
PT-2026-49510
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
PT-2026-49449
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
ROS-20260615-73-0042
The vulnerability in the `persistent_cache_read_entry_v3` function of the RDP client FreeRDP is related to a buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of protected information...
PT-2026-49442
Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...
PT-2026-49392
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
PT-2026-49467
Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...
PT-2026-49377
Name of the Vulnerable Software and Affected Versions: ShortPixel Image Optimizer versions prior to 6.4.4
Description: PHP Object Injection occurs in the software. This issue allows an attacker to inject malicious objects into the application, which can lead to unauthorized code execution or other...
PT-2026-49479
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...