| 691 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device… | New | CWE-125 Out-of-bounds Read | CVE-2026-47148 | 2026-06-26 03:48 | 2026-06-25 |
| 692 | 7.1 | HIGH | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and locatio… | New | CWE-125 Out-of-bounds Read | CVE-2026-47147 | 2026-06-26 03:47 | 2026-06-25 |
| 693 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devi… | New | CWE-617 Reachable Assertion | CVE-2026-47146 | 2026-06-26 03:46 | 2026-06-25 |
| 694 | 6.5 | MEDIUM | Network | silabs | emberznet | In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devi… | New | CWE-617 Reachable Assertion | CVE-2026-47145 | 2026-06-26 03:46 | 2026-06-25 |
| 695 | 5.4 | MEDIUM | Network | jenkins | assembla | A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password. | New | CWE-352 Origin Validation Error | CVE-2026-57305 | 2026-06-26 03:46 | 2026-06-24 |
| 696 | 5.4 | MEDIUM | Network | jenkins | assembla | A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and pa… | New | CWE-862 Missing Authorization | CVE-2026-57304 | 2026-06-26 03:46 | 2026-06-24 |
| 697 | 7.1 | HIGH | Network | jenkins | assembla | Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla ser… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-57303 | 2026-06-26 03:45 | 2026-06-24 |
| 698 | 7.5 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompre… | New | CWE-409 Improper Handling of Highly Compressed Data (Data Amplification) | CVE-2026-54314 | 2026-06-26 03:42 | 2026-06-24 |
| 699 | 7.7 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace opera… | New | CWE-89 SQL Injection | CVE-2026-54313 | 2026-06-26 03:42 | 2026-06-24 |
| 700 | 8.5 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL… | New | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-54312 | 2026-06-26 03:41 | 2026-06-24 |