| 531 | 6.8 | MEDIUM | Local | - | - | A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in… | New | CWE-416 Use After Free | CVE-2026-13595 | 2026-06-30 12:17 | 2026-06-29 |
| 532 | 7.4 | HIGH | Network | - | - | A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker … | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12992 | 2026-06-30 12:17 | 2026-06-26 |
| 533 | 8.5 | HIGH | Network | - | - | A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An at… | Update | CWE-611 XXE | CVE-2026-12975 | 2026-06-30 12:17 | 2026-06-26 |
| 534 | 7.8 | HIGH | Local | - | - | A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of … | Update | CWE-287 Improper Authentication | CVE-2026-12112 | 2026-06-30 12:17 | 2026-06-24 |
| 535 | 7.6 | HIGH | Network | - | - | A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's b… | Update | CWE-791 Incomplete Filtering of Special Elements; CWE-79 Cross-site Scripting | CVE-2026-11998 | 2026-06-30 12:17 | 2026-06-25 |
| 536 | 8.1 | HIGH | Network | - | - | A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forg… | Update | CWE-347 Improper Verification of Cryptographic Signature | CVE-2026-11800 | 2026-06-30 12:17 | 2026-06-26 |
| 537 | 7.5 | HIGH | Network | - | - | An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Update | CWE-89 SQL Injection; CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2025-61028 | 2026-06-30 12:16 | 2026-06-24 |
| 538 | 7.5 | HIGH | Network | - | - | An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Update | CWE-89 SQL Injection | CVE-2025-61023 | 2026-06-30 12:16 | 2026-06-24 |
| 539 | 7.5 | HIGH | Network | - | - | An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Update | CWE-89 SQL Injection | CVE-2025-61020 | 2026-06-30 12:16 | 2026-06-24 |
| 540 | 7.5 | HIGH | Network | - | - | An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | Update | CWE-89 SQL Injection | CVE-2025-61018 | 2026-06-30 12:16 | 2026-06-24 |