|
2931
|
4.9 |
MEDIUM
Network
|
macgregor
|
interschalt_vdr_g4e_firmware
|
The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-40425
|
2026-06-4 05:54 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2932
|
4.3 |
MEDIUM
Network
|
nextcloud
|
calendar
|
Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance …
|
CWE-200
NVD-CWE-noinfo
Information Exposure
|
CVE-2026-45286
|
2026-06-4 05:35 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2933
|
6.4 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes…
|
CWE-862
Missing Authorization
|
CVE-2026-45285
|
2026-06-4 05:34 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2934
|
8.8 |
HIGH
Network
|
nextcloud
|
user_oidc
|
Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user …
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-45284
|
2026-06-4 05:28 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2935
|
8.6 |
HIGH
Network
|
openairinterface
|
openairinterface5g
|
An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open…
|
CWE-369
Divide By Zero
|
CVE-2026-37232
|
2026-06-4 05:26 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2936
|
2.7 |
LOW
Network
|
projectcapsule
|
capsule
|
Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate …
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-30963
|
2026-06-4 05:22 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2937
|
7.8 |
HIGH
Local
|
google
|
android_xr
|
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi…
|
CWE-285
Improper Authorization
|
CVE-2026-0072
|
2026-06-4 05:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2938
|
7.5 |
HIGH
Network
|
juliangruber
|
brace-expansion
|
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45149
|
2026-06-4 05:13 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2939
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9308
|
2026-06-4 05:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2940
|
5.4 |
MEDIUM
Network
|
mozilla
|
firefox
|
Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9309
|
2026-06-4 05:02 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
