|
921
|
8.0 |
HIGH
Adjacent
|
mediatek
|
mt6890_firmware
mt7615_firmware
mt7915_firmware
mt7916_firmware
mt7981_firmware
mt7986_firmware
mt7990_firmware
mt7992_firmware
mt7993_firmware
|
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User intera…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-20452
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
922
|
6.7 |
MEDIUM
Local
|
mediatek
|
mt6739_firmware
mt6761_firmware
mt6765_firmware
mt6768_firmware
mt6781_firmware
mt6789_firmware
mt6835_firmware
mt6853_firmware
mt6855_firmware
mt6877_firmware
mt6878_fi…
|
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. U…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-20453
|
2026-06-2 03:11 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
923
|
- |
|
-
|
-
|
A critical Remote Code Execution (RCE) vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3.
New
|
CWE-94
Code Injection
|
CVE-2026-8931
|
2026-06-2 03:09 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
924
|
6.4 |
MEDIUM
Local
|
mediatek
|
mt6739_firmware
mt6761_firmware
mt6765_firmware
mt6768_firmware
mt6781_firmware
mt6789_firmware
mt6835_firmware
mt6853_firmware
mt6855_firmware
mt6877_firmware
mt6878_fi…
|
In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-20454
|
2026-06-2 03:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
925
|
7.3 |
HIGH
Network
|
-
|
-
|
picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component (pkg/tools/shell.go). The guardCommand() function attempts to restrict shell command execution using a d…
Update
|
CWE-78
OS Command
|
CVE-2026-36045
|
2026-06-2 03:09 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
926
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields (e.g., codec/mime/profile strings). gf_media…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-70116
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
927
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2025-67903
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
928
|
3.7 |
LOW
Network
|
-
|
-
|
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-33552
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
929
|
3.1 |
LOW
Network
|
-
|
-
|
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
Update
|
CWE-22
Path Traversal
|
CVE-2026-49009
|
2026-06-2 03:09 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
930
|
7.8 |
HIGH
Local
|
-
|
-
|
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can l…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-27788
|
2026-06-2 03:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
