|
1061
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34709
|
2026-06-11 22:05 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1062
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. …
|
CWE-94
CWE-915
CWE-1188
Code Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Insecure Default Initialization of Resource
|
CVE-2026-46517
|
2026-06-11 21:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1063
|
- |
|
-
|
-
|
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
|
CWE-20
Improper Input Validation
|
CVE-2026-9213
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1064
|
- |
|
-
|
-
|
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks im…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-0420
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1065
|
- |
|
-
|
-
|
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intende…
|
CWE-20
Improper Input Validation
|
CVE-2026-0416
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1066
|
- |
|
-
|
-
|
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0413
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1067
|
- |
|
-
|
-
|
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NE…
|
CWE-200
Information Exposure
|
CVE-2026-0411
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1068
|
- |
|
-
|
-
|
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain …
|
CWE-20
CWE-306
Improper Input Validation
Missing Authentication for Critical Function
|
CVE-2026-9212
|
2026-06-11 14:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1069
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middlewar…
|
CWE-862
Missing Authorization
|
CVE-2026-46444
|
2026-06-11 13:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1070
|
6.5 |
MEDIUM
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData…
|
CWE-200
Information Exposure
|
CVE-2026-46443
|
2026-06-11 13:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
