|
351
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8.9 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36907
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
352
|
9.6 |
CRITICAL
Network
|
-
|
-
|
mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec() function regis…
Update
|
CWE-94
Code Injection
|
CVE-2026-33646
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
353
|
7.1 |
HIGH
Network
|
-
|
-
|
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allow authenticated users to upload files of any type without validation. No fi…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-33560
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
354
|
8.8 |
HIGH
Network
|
-
|
-
|
Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharact…
New
|
CWE-78
OS Command
|
CVE-2026-32833
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
355
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.
New
|
CWE-22
Path Traversal
|
CVE-2026-28701
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
356
|
8.1 |
HIGH
Network
|
-
|
-
|
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription act…
New
|
-
|
CVE-2026-10820
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
357
|
7.5 |
HIGH
Network
|
-
|
-
|
The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persi…
New
|
-
|
CVE-2026-10083
|
2026-06-29 23:16 |
2026-06-29 |
|
|
|
|
358
|
- |
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2025-32423
|
2026-06-29 23:16 |
2026-06-27 |
|
|
|
|
359
|
7.5 |
HIGH
Network
|
ollama
|
ollama
|
Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive …
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-5757
|
2026-06-29 22:49 |
2026-06-27 |
|
|
|
|
360
|
5.3 |
MEDIUM
Network
|
fasterxml
|
jackson-databind
|
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextua…
Update
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-54515
|
2026-06-29 22:38 |
2026-06-24 |
|
|
|