|
501
|
6.5 |
MEDIUM
Network
|
nsa
|
ghidra
|
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation…
Update
|
CWE-22
Path Traversal
|
CVE-2026-52756
|
2026-06-12 10:18 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
4.4 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafti…
Update
|
CWE-416
Use After Free
|
CVE-2026-52757
|
2026-06-12 10:10 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke…
Update
|
CWE-601
Open Redirect
|
CVE-2026-53440
|
2026-06-12 10:03 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
5.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenki…
Update
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2026-53442
|
2026-06-12 09:59 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
7.2 |
HIGH
Network
|
apache
|
answer
|
Improper Restriction of Security Token Assignment vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
Previously issued administrative tokens were not invalidated after…
Update
|
CWE-1259
Improper Restriction of Security Token Assignment
|
CVE-2026-25700
|
2026-06-12 09:50 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
8.3 |
HIGH
Network
|
plane
|
plane
|
Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in …
Update
|
CWE-639
CWE-862
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-46558
|
2026-06-12 09:49 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
5.3 |
MEDIUM
Network
|
openfga
|
helm_charts
openfga
|
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to O…
Update
|
CWE-345
CWE-668
Insufficient Verification of Data Authenticity
Exposure of Resource to Wrong Sphere
|
CVE-2026-48096
|
2026-06-12 09:46 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
508
|
- |
|
-
|
-
|
Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any released version of Zephyr: on every sup…
New
|
-
|
CVE-2026-10676
|
2026-06-12 09:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
509
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortisandbox
fortisandbox_cloud
fortisandbox_paas
|
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox…
Update
|
CWE-78
OS Command
|
CVE-2026-25089
|
2026-06-12 06:39 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
510
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <i…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-49938
|
2026-06-12 06:32 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
