|
691
|
7.8 |
HIGH
Local
|
nvidia
|
nvtabular
|
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampe…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24237
|
2026-06-5 02:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
6.1 |
MEDIUM
Physics
|
dell
|
thinos
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerabilit…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-40713
|
2026-06-5 02:37 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
7.8 |
HIGH
Local
|
dell
|
thinos
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-40715
|
2026-06-5 02:29 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-10701
|
2026-06-5 02:25 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
- |
|
-
|
-
|
Net::CIDR::Set versions through 0.20 for Perl did not validate network masks.
The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, wh…
New
|
CWE-1289
Improper Validation of Unsafe Equivalence in Input
|
CVE-2026-49942
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
- |
|
-
|
-
|
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses.
The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network range…
New
|
CWE-674
CWE-1287
Uncontrolled Recursion
Improper Validation of Specified Type of Input
|
CVE-2026-49941
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
- |
|
-
|
-
|
Etsy::StatsD versions through 1.002002 for Perl allow metric injections.
The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46741
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
- |
|
-
|
-
|
Net::Statsd versions before 0.13 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st…
New
|
CWE-93
CRLF Injection
|
CVE-2026-46739
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log …
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41178
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
7.1 |
HIGH
Physics
|
-
|
-
|
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active toke…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-36176
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
