|
3221
|
- |
|
-
|
-
|
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-45174
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3222
|
- |
|
-
|
-
|
Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-45170
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3223
|
- |
|
-
|
-
|
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenari…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45169
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3224
|
5.3 |
MEDIUM
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used fo…
|
CWE-26
Path Traversal: '/dir/../filename'
|
CVE-2026-46747
|
2026-06-13 00:28 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3225
|
7.8 |
HIGH
Local
|
adobe
|
format_plugins
|
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48292
|
2026-06-13 00:19 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3226
|
7.4 |
HIGH
Network
|
-
|
-
|
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTok…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-50631
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3227
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-50630
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3228
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user me…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47173
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3229
|
5.0 |
MEDIUM
Network
|
-
|
-
|
An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2)…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-11850
|
2026-06-13 00:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3230
|
7.8 |
HIGH
Local
|
adobe
|
format_plugins
|
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48291
|
2026-06-13 00:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
