|
211
|
- |
|
-
|
-
|
A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are acc…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-9307
|
2026-06-17 00:26 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
7.5 |
HIGH
Network
|
-
|
-
|
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable versio…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-41708
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
8.6 |
HIGH
Network
|
-
|
-
|
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsear…
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-47835
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
8.6 |
HIGH
Network
|
-
|
-
|
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.
Af…
|
CWE-346
Origin Validation Error
|
CVE-2026-47825
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw an…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-7273
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
6.3 |
MEDIUM
Local
|
-
|
-
|
On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node…
|
CWE-416
Use After Free
|
CVE-2026-10635
|
2026-06-17 00:23 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
3.7 |
LOW
Network
|
-
|
-
|
In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed to net_send_data().…
|
CWE-416
Use After Free
|
CVE-2026-10636
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
5.9 |
MEDIUM
Adjacent
|
-
|
-
|
subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ownership contract (include/zephyr/net/net…
|
CWE-416
Use After Free
|
CVE-2026-10637
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
5.9 |
MEDIUM
Network
|
-
|
-
|
subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send …
|
CWE-416
Use After Free
|
CVE-2026-10638
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
4.8 |
MEDIUM
Network
|
-
|
-
|
In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_updat…
|
CWE-416
Use After Free
|
CVE-2026-10639
|
2026-06-17 00:23 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
