|
1251
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: When a partial-chain certificate verification is enabled
together with OCSP response checking for the whole chain, a NULL dereference
will happen if the verified chain does not have a …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42765
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1252
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: Receiving a QUIC initial packet with an invalid token may
trigger a NULL pointer dereference in the OpenSSL QUIC server with
address validation disabled.
Impact summary: NULL pointer …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42764
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1253
|
- |
|
-
|
-
|
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering
a crafted response through the status_request extension, triggering a
double-free in the client's certificate verificatio…
|
CWE-415
Double Free
|
CVE-2026-35188
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1254
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platfo…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34180
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1255
|
- |
|
-
|
-
|
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP objec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-10721
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1256
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products could
allow an unauthenticated remote attacker to send a specially crafted packet,
triggering an exception that causes the system to reboot unexp…
|
CWE-617
Reachable Assertion
|
CVE-2026-29116
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1257
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpec…
|
CWE-617
Reachable Assertion
|
CVE-2026-29115
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1258
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products. An attacker
may obtain the device’s CA root certificate. If that CA is installed and
trusted on client systems, the attacker could issue fraudul…
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-29114
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1259
|
- |
|
-
|
-
|
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-11815
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1260
|
7.3 |
HIGH
Local
|
-
|
-
|
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOL…
|
CWE-59
Link Following
|
CVE-2026-11837
|
2026-06-10 14:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
