|
1861
|
8.6 |
HIGH
Network
|
-
|
-
|
The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL in…
|
CWE-89
SQL Injection
|
CVE-2026-3326
|
2026-06-10 20:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1862
|
4.3 |
MEDIUM
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parse…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48102
|
2026-06-10 19:45 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1863
|
- |
|
-
|
-
|
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files …
|
-
|
CVE-2026-11853
|
2026-06-10 19:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1864
|
- |
|
-
|
-
|
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relation…
|
-
|
CVE-2026-11852
|
2026-06-10 19:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1865
|
- |
|
-
|
-
|
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP objec…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-10721
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1866
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products could
allow an unauthenticated remote attacker to send a specially crafted packet,
triggering an exception that causes the system to reboot unexp…
|
CWE-617
Reachable Assertion
|
CVE-2026-29116
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1867
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpec…
|
CWE-617
Reachable Assertion
|
CVE-2026-29115
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1868
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products. An attacker
may obtain the device’s CA root certificate. If that CA is installed and
trusted on client systems, the attacker could issue fraudul…
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-29114
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1869
|
- |
|
-
|
-
|
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-11815
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1870
|
7.3 |
HIGH
Local
|
-
|
-
|
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOL…
|
CWE-59
Link Following
|
CVE-2026-11837
|
2026-06-10 14:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
