|
571
|
5.8 |
MEDIUM
Network
|
-
|
-
|
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is …
Update
|
CWE-1023
Incomplete Comparison with Missing Factors
|
CVE-2026-7473
|
2026-06-10 03:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
8.8 |
HIGH
Network
|
-
|
-
|
The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid I…
New
|
CWE-89
SQL Injection
|
CVE-2026-50636
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
8.8 |
HIGH
Network
|
-
|
-
|
LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the d…
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-50635
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
7.8 |
HIGH
Local
|
-
|
-
|
Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-50512
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
New
|
CWE-59
Link Following
|
CVE-2026-50511
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi…
New
|
CWE-862
Missing Authorization
|
CVE-2026-49956
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
7.8 |
HIGH
Local
|
-
|
-
|
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48293
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
New
|
CWE-285
Improper Authorization
|
CVE-2026-45503
|
2026-06-10 03:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to perform spoofing over a network.
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45501
|
2026-06-10 03:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
New
|
CWE-59
Link Following
|
CVE-2026-44275
|
2026-06-10 03:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
