|
371
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-44622
|
2026-06-26 23:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
372
|
9.4 |
CRITICAL
Network
|
-
|
-
|
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensiti…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40702
|
2026-06-26 23:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
373
|
7.5 |
HIGH
Network
|
-
|
-
|
A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string.
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-38640
|
2026-06-26 23:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
374
|
4.2 |
MEDIUM
Network
|
-
|
-
|
The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Googl…
New
|
CWE-862
Missing Authorization
|
CVE-2026-2299
|
2026-06-26 23:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
375
|
8.1 |
HIGH
Network
|
-
|
-
|
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability
New
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-22879
|
2026-06-26 23:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
376
|
- |
|
-
|
-
|
ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary code circumvent…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-13006
|
2026-06-26 23:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
377
|
8.2 |
HIGH
Network
|
-
|
-
|
Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-12473
|
2026-06-26 23:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
378
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …
New
|
CWE-416
Use After Free
|
CVE-2025-60465
|
2026-06-26 23:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
379
|
7.8 |
HIGH
Local
|
-
|
-
|
A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafte…
New
|
CWE-416
Use After Free
|
CVE-2025-60464
|
2026-06-26 23:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
380
|
7.8 |
HIGH
Local
|
mmaitre314
|
picklescan
|
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that execut…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-71357
|
2026-06-26 23:14 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
