|
1021
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: fix ep_remove struct eventpoll / struct file UAF
ep_remove() (via ep_remove_file()) cleared file->f_ep under
file->f_l…
|
-
|
CVE-2026-46242
|
2026-06-5 16:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1022
|
3.3 |
LOW
Local
|
-
|
-
|
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.
|
-
|
CVE-2025-62338
|
2026-06-5 14:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1023
|
4.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page
|
CWE-79
Cross-site Scripting
|
CVE-2026-37700
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1024
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabl…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-36603
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1025
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw …
|
CWE-200
Information Exposure
|
CVE-2026-36602
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1026
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome…
|
CWE-843
Type Confusion
|
CVE-2026-10022
|
2026-06-5 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1027
|
4.7 |
MEDIUM
Local
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of t…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-45614
|
2026-06-5 09:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1028
|
9.8 |
CRITICAL
Network
|
acer
|
predator_connect_w6x_firmware
|
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
|
CWE-77
Command Injection
|
CVE-2026-49199
|
2026-06-5 04:44 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1029
|
9.6 |
CRITICAL
Network
|
huggingface
|
transformers
|
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5241
|
2026-06-5 03:54 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1030
|
6.5 |
MEDIUM
Network
|
koha
|
koha
|
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-26379
|
2026-06-5 03:54 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
