|
1441
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when app…
|
CWE-193
Off-by-one Error
|
CVE-2026-42015
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1442
|
8.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) fiel…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-42013
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1443
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject A…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42012
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1444
|
6.5 |
MEDIUM
Network
|
apache
|
flink_kubernetes_operator
|
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator.
The FlinkSessionJob jarURI is currently not validated so th…
|
CWE-552
CWE-918
Files or Directories Accessible to External Parties
Server-Side Request Forgery (SSRF)
|
CVE-2026-40564
|
2026-06-3 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1445
|
- |
|
-
|
-
|
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory.
The documentation.pages …
|
CWE-22
Path Traversal
|
CVE-2026-32685
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1446
|
4.3 |
MEDIUM
Network
|
-
|
-
|
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queri…
|
CWE-79
Cross-site Scripting
|
CVE-2026-32250
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1447
|
7.8 |
HIGH
Local
|
google
|
android
|
In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-0076
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1448
|
7.5 |
HIGH
Network
|
-
|
-
|
A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesyste…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70099
|
2026-06-3 01:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1449
|
6.6 |
MEDIUM
Network
|
jenkins
|
ldap
|
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48917
|
2026-06-3 01:14 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1450
|
6.6 |
MEDIUM
Network
|
jenkins
|
ldap
|
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48916
|
2026-06-3 01:13 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
