|
351
|
- |
|
-
|
-
|
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary …
New
|
-
|
CVE-2026-14241
|
2026-06-30 23:23 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
5.3 |
MEDIUM
Adjacent
|
-
|
-
|
The USB CDC-NCM device class (subsys/usb/device_next/class/usbd_cdc_ncm.c) ignores the return value of usbd_ep_enqueue() in its ethernet transmit callback cdc_ncm_send(). When the enqueue fails, the …
New
|
CWE-833
Deadlock
|
CVE-2026-10647
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
6.2 |
MEDIUM
Local
|
-
|
-
|
mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before checking it for NULL. smp_packet_alloc() uses net_buf_a…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-10648
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_input) used an incorrect boolean expression that combined the RFC 4861 validity checks wi…
New
|
CWE-290 CWE-670
Authentication Bypass by Spoofing Always-Incorrect Control Flow Implementation
|
CVE-2026-7656
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
7.5 |
HIGH
Network
|
-
|
-
|
Zephyr's HTTP server (subsys/net/lib/http) provides a static-filesystem resource type (HTTP_RESOURCE_TYPE_STATIC_FS, available when CONFIG_FILE_SYSTEM is enabled) that serves files from a configured …
New
|
CWE-22 CWE-23
Path Traversal Relative Path Traversal
|
CVE-2026-8023
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint
New
|
CWE-352
Origin Validation Error
|
CVE-2026-31016
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An issue in Alexantr filemanager v.1.0 allows a remote attacker to execute arbitrary code via the filemanager.php component
New
|
CWE-94
Code Injection
|
CVE-2026-37637
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
7.8 |
HIGH
Local
|
-
|
-
|
PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe (\\.\pipe\PBackupVSS) with a DACL that grants GENERIC_READ and GENERIC_WRITE permissions to all authenticated …
New
|
CWE-276 CWE-426
Incorrect Default Permissions Untrusted Search Path
|
CVE-2026-57919
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
7.5 |
HIGH
Network
|
-
|
-
|
A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service (DoS) via supplying a crafted Common Packet Format (CPF) packe…
New
|
CWE-284
Improper Access Control
|
CVE-2026-51221
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-51218
|
2026-06-30 23:22 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|