|
281
|
6.5 |
MEDIUM
Network
|
aten
|
unizon
|
ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Aut…
New
|
CWE-22
Path Traversal
|
CVE-2026-9774
|
2026-06-28 03:59 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
9.8 |
CRITICAL
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-57926
|
2026-06-28 03:51 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
4.3 |
MEDIUM
Network
|
wolfssl
|
wolfssl
|
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-6412
|
2026-06-28 03:41 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
5.3 |
MEDIUM
Network
|
wolfssl
|
wolfssl
|
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This onl…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-6450
|
2026-06-28 03:32 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths
bpf_selem_unlink_nofail() sets SDATA(selem)->smap to NUL…
New
|
-
|
CVE-2026-52938
|
2026-06-27 20:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
- |
|
-
|
-
|
The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-49416
|
2026-06-27 19:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
- |
|
-
|
-
|
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disabl…
New
|
CWE-179
Incorrect Behavior Order: Early Validation
|
CVE-2026-49414
|
2026-06-27 19:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
- |
|
-
|
-
|
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible th…
New
|
CWE-416
Use After Free
|
CVE-2026-49417
|
2026-06-27 18:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
- |
|
-
|
-
|
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector i…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-49413
|
2026-06-27 18:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
- |
|
-
|
-
|
The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the mul…
New
|
CWE-416
Use After Free
|
CVE-2026-49412
|
2026-06-27 18:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
