|
3631
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatte…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-10118
|
2026-06-2 03:12 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3632
|
8.0 |
HIGH
Adjacent
|
mediatek
|
mt6890_firmware
mt7615_firmware
mt7915_firmware
mt7916_firmware
mt7981_firmware
mt7986_firmware
mt7990_firmware
mt7992_firmware
mt7993_firmware
|
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User intera…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-20452
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3633
|
6.7 |
MEDIUM
Local
|
mediatek
|
mt6739_firmware
mt6761_firmware
mt6765_firmware
mt6768_firmware
mt6781_firmware
mt6789_firmware
mt6835_firmware
mt6853_firmware
mt6855_firmware
mt6877_firmware
mt6878_fi…
|
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20453
|
2026-06-2 03:11 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3634
|
- |
|
-
|
-
|
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
|
CWE-94
Code Injection
|
CVE-2026-8931
|
2026-06-2 03:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3635
|
6.4 |
MEDIUM
Local
|
mediatek
|
mt6739_firmware
mt6761_firmware
mt6765_firmware
mt6768_firmware
mt6781_firmware
mt6789_firmware
mt6835_firmware
mt6853_firmware
mt6855_firmware
mt6877_firmware
mt6878_fi…
|
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-20454
|
2026-06-2 03:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3636
|
7.3 |
HIGH
Network
|
-
|
-
|
picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a d…
|
CWE-78
OS Command
|
CVE-2026-36045
|
2026-06-2 03:09 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3637
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70116
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3638
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2025-67903
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3639
|
3.7 |
LOW
Network
|
-
|
-
|
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
|
CWE-269
Improper Privilege Management
|
CVE-2026-33552
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3640
|
3.1 |
LOW
Network
|
-
|
-
|
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2026-49009
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
