|
411
|
- |
|
-
|
-
|
An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5589
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
412
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5066
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
413
|
4.5 |
MEDIUM
Local
|
-
|
-
|
In Mimecast Incydr before 2.6.0, arbitrary file access can occur.
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-50590
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
414
|
7.3 |
HIGH
Local
|
-
|
-
|
Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-50593
|
2026-06-6 01:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
415
|
6.3 |
MEDIUM
Local
|
-
|
-
|
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can e…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-21404
|
2026-06-6 01:05 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
416
|
6.1 |
MEDIUM
Network
|
-
|
-
|
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-21825
|
2026-06-6 01:05 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
417
|
6.1 |
MEDIUM
Network
|
-
|
-
|
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected …
New
|
CWE-601
Open Redirect
|
CVE-2026-21826
|
2026-06-6 01:05 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
418
|
- |
|
-
|
-
|
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the…
New
|
CWE-78
OS Command
|
CVE-2026-21837
|
2026-06-6 01:05 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
419
|
- |
|
-
|
-
|
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
New
|
CWE-284
Improper Access Control
|
CVE-2026-48907
|
2026-06-6 01:05 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
420
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-65640
|
2026-06-6 01:04 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
