|
551
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by pres…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-52754
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
552
|
5.5 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-52753
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
553
|
5.7 |
MEDIUM
Adjacent
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
Update
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2026-42915
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
554
|
7.8 |
HIGH
Local
|
nsa
|
ghidra
|
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with travers…
New
|
CWE-22
Path Traversal
|
CVE-2026-52752
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
555
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a maliciou…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-52751
|
2026-06-12 04:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
556
|
5.3 |
MEDIUM
Network
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Windows Kerberos Denial of Service Vulnerability
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42914
|
2026-06-12 04:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
557
|
7.8 |
HIGH
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands und…
New
|
CWE-88
Argument Injection
|
CVE-2026-52750
|
2026-06-12 04:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
558
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE …
New
|
CWE-89
SQL Injection
|
CVE-2026-49498
|
2026-06-12 04:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
559
|
3.3 |
LOW
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attacke…
New
|
CWE-22
Path Traversal
|
CVE-2026-49497
|
2026-06-12 04:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
560
|
6.1 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vecto…
New
|
CWE-416
Use After Free
|
CVE-2026-49496
|
2026-06-12 04:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
