|
2621
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw …
|
CWE-200
Information Exposure
|
CVE-2026-36602
|
2026-06-5 11:17 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2622
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome…
|
CWE-843
Type Confusion
|
CVE-2026-10022
|
2026-06-5 11:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2623
|
4.7 |
MEDIUM
Local
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of t…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-45614
|
2026-06-5 09:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2624
|
9.8 |
CRITICAL
Network
|
acer
|
predator_connect_w6x_firmware
|
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
|
CWE-77
Command Injection
|
CVE-2026-49199
|
2026-06-5 04:44 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2625
|
9.6 |
CRITICAL
Network
|
huggingface
|
transformers
|
A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-5241
|
2026-06-5 03:54 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2626
|
6.5 |
MEDIUM
Network
|
koha
|
koha
|
Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-26379
|
2026-06-5 03:54 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2627
|
8.1 |
HIGH
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42211
|
2026-06-5 03:50 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2628
|
5.4 |
MEDIUM
Network
|
koha
|
koha
|
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features
|
CWE-79
Cross-site Scripting
|
CVE-2026-26378
|
2026-06-5 03:49 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2629
|
6.1 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p…
|
CWE-601
Open Redirect
|
CVE-2026-40181
|
2026-06-5 03:46 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2630
|
7.5 |
HIGH
Network
|
shopify
turbo-stream
|
react-router
turbo_stream
|
React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-34077
|
2026-06-5 03:45 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
