|
2401
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting clie…
|
CWE-415
Double Free
|
CVE-2026-12043
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2402
|
7.5 |
HIGH
Network
|
-
|
-
|
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into…
|
CWE-93
CRLF Injection
|
CVE-2026-12143
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2403
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser.
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-4870
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2404
|
- |
|
-
|
-
|
We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escalation vulnerability in the Grafana Operator.
### S…
|
CWE-22
Path Traversal
|
CVE-2026-11769
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2405
|
- |
|
-
|
-
|
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users ha…
|
CWE-346
Origin Validation Error
|
CVE-2026-11624
|
2026-06-17 00:42 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2406
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions …
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-11931
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2407
|
- |
|
-
|
-
|
Potential security vulnerabilities have been identified in the HP One
Agent for certain HP PC products, which might allow
for escalation of privilege and/or denial of service. HP
is …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-5064
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2408
|
5.5 |
MEDIUM
Network
|
-
|
-
|
Improper host validation in the social login autofill feature in
Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to
disclose stored social login credentials via a crafted web entry
…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-12162
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2409
|
5.6 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_p…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-1764
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2410
|
5.6 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-1765
|
2026-06-17 00:42 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
