|
671
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names …
New
|
CWE-862
Missing Authorization
|
CVE-2026-53439
|
2026-06-11 22:06 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34709
|
2026-06-11 22:05 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. …
New
|
CWE-94
CWE-915
CWE-1188
Code Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Insecure Default Initialization of Resource
|
CVE-2026-46517
|
2026-06-11 21:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
- |
|
-
|
-
|
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-9213
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
- |
|
-
|
-
|
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks im…
Update
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-0420
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
- |
|
-
|
-
|
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intende…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-0416
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
- |
|
-
|
-
|
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification …
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0413
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
- |
|
-
|
-
|
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NE…
Update
|
CWE-200
Information Exposure
|
CVE-2026-0411
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
- |
|
-
|
-
|
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain …
Update
|
CWE-20
CWE-306
Improper Input Validation
Missing Authentication for Critical Function
|
CVE-2026-9212
|
2026-06-11 14:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middlewar…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-46444
|
2026-06-11 13:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
