|
581
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion.
This issue affects LimRAD NAC: before 5.5.7.3.9.
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7852
|
2026-06-12 00:28 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
582
|
7.9 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-45588
|
2026-06-12 00:25 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
583
|
5.3 |
MEDIUM
Network
|
-
|
-
|
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a serv…
New
|
CWE-20
CWE-918
Improper Input Validation
Server-Side Request Forgery (SSRF)
|
CVE-2026-48998
|
2026-06-12 00:25 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
584
|
5.3 |
MEDIUM
Network
|
-
|
-
|
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulne…
New
|
CWE-20
CWE-93
CWE-113
Improper Input Validation
CRLF Injection
HTTP Response Splitting
|
CVE-2026-49214
|
2026-06-12 00:25 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
585
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_I…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-48107
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
586
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-48108
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
587
|
- |
|
-
|
-
|
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-53901
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
588
|
- |
|
-
|
-
|
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53911
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
589
|
- |
|
-
|
-
|
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. Th…
New
|
CWE-200
Information Exposure
|
CVE-2026-53912
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
590
|
8.7 |
HIGH
Network
|
-
|
-
|
GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-10087
|
2026-06-12 00:22 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
