|
2291
|
8.6 |
HIGH
Network
|
-
|
-
|
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsear…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-47835
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2292
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.
Af…
|
CWE-346
Origin Validation Error
|
CVE-2026-47825
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2293
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw an…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-7273
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2294
|
6.3 |
MEDIUM
Local
|
-
|
-
|
On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node…
|
CWE-416
Use After Free
|
CVE-2026-10635
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2295
|
3.7 |
LOW
Network
|
-
|
-
|
In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed to net_send_data().…
|
CWE-416
Use After Free
|
CVE-2026-10636
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2296
|
5.9 |
MEDIUM
Adjacent
|
-
|
-
|
subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ownership contract (include/zephyr/net/net…
|
CWE-416
Use After Free
|
CVE-2026-10637
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2297
|
5.9 |
MEDIUM
Network
|
-
|
-
|
subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send …
|
CWE-416
Use After Free
|
CVE-2026-10638
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2298
|
4.8 |
MEDIUM
Network
|
-
|
-
|
In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_updat…
|
CWE-416
Use After Free
|
CVE-2026-10639
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2299
|
4.2 |
MEDIUM
Adjacent
|
-
|
-
|
Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(…
|
CWE-416
Use After Free
|
CVE-2026-10640
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2300
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user i…
|
CWE-862
Missing Authorization
|
CVE-2026-6964
|
2026-06-17 00:22 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
