|
401
|
7.8 |
HIGH
Local
|
anydesk
|
anydesk
|
AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert mal…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-20094
|
2026-06-26 22:02 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
7.8 |
HIGH
Local
|
malwarebytes
|
malwarebytes
|
Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path…
New
|
CWE-428
Unquoted Search Path or Element
|
CVE-2022-50971
|
2026-06-26 21:59 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
6.5 |
MEDIUM
Network
|
struktur
|
libheif
|
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Becau…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-49271
|
2026-06-26 21:33 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
7.5 |
HIGH
Network
|
sunnyadn
|
js-toml
|
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigI…
New
|
CWE-400
CWE-407
CWE-1333
Uncontrolled Resource Consumption
Inefficient Algorithmic Complexity
Inefficient Regular Expression Complexity
|
CVE-2026-49293
|
2026-06-26 21:11 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
- |
|
-
|
-
|
wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When the supplied key is longer than the …
New
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-8720
|
2026-06-26 20:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
- |
|
-
|
-
|
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP addr…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-7532
|
2026-06-26 20:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
- |
|
-
|
-
|
PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-7511
|
2026-06-26 20:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/l…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6658
|
2026-06-26 20:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
- |
|
-
|
-
|
The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weakening IND-CCA2 security on that code path. The consta…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-6330
|
2026-06-26 20:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
- |
|
-
|
-
|
PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS#12 verify path compared the loc…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-6329
|
2026-06-26 20:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
