|
3151
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: reject userspace cifs.spnego descriptions
cifs.spnego key descriptions contain authority-bearing fields such as
pid,…
|
CWE-20
Improper Input Validation
|
CVE-2026-46243
|
2026-06-5 16:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3152
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: fix ep_remove struct eventpoll / struct file UAF
ep_remove() (via ep_remove_file()) cleared file->f_ep under
file->f_l…
|
-
|
CVE-2026-46242
|
2026-06-5 16:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3153
|
3.3 |
LOW
Local
|
-
|
-
|
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure.
|
-
|
CVE-2025-62338
|
2026-06-5 14:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3154
|
4.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by admin_page
|
CWE-79
Cross-site Scripting
|
CVE-2026-37700
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3155
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabl…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-36603
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3156
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw …
|
CWE-200
Information Exposure
|
CVE-2026-36602
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3157
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome…
|
CWE-843
Type Confusion
|
CVE-2026-10022
|
2026-06-5 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3158
|
4.7 |
MEDIUM
Local
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of t…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-45614
|
2026-06-5 09:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3159
|
9.8 |
CRITICAL
Network
|
acer
|
predator_connect_w6x_firmware
|
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
|
CWE-77
Command Injection
|
CVE-2026-49199
|
2026-06-5 04:44 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3160
|
9.6 |
CRITICAL
Network
|
huggingface
|
transformers
|
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5241
|
2026-06-5 03:54 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
