|
671
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48301
|
2026-06-10 23:46 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-48304
|
2026-06-10 23:45 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-47974
|
2026-06-10 23:33 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
7.3 |
HIGH
Network
|
-
|
-
|
Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-9758
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
- |
|
-
|
-
|
Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST…
New
|
-
|
CVE-2026-53441
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
8.8 |
HIGH
Network
|
-
|
-
|
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by pres…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-52754
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
8.8 |
HIGH
Network
|
-
|
-
|
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a maliciou…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-52751
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
7.8 |
HIGH
Local
|
-
|
-
|
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands und…
New
|
CWE-88
Argument Injection
|
CVE-2026-52750
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
7.7 |
HIGH
Network
|
-
|
-
|
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…
New
|
CWE-22
Path Traversal
|
CVE-2026-49957
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
8.8 |
HIGH
Network
|
-
|
-
|
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE …
New
|
CWE-89
SQL Injection
|
CVE-2026-49498
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
