|
611
|
- |
|
-
|
-
|
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with…
New
|
CWE-862
Missing Authorization
|
CVE-2026-0272
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
- |
|
-
|
-
|
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to …
New
|
CWE-78
OS Command
|
CVE-2026-0273
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
- |
|
-
|
-
|
An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resource…
New
|
CWE-1390
Weak Authentication
|
CVE-2026-0274
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
- |
|
-
|
-
|
An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kern…
New
|
CWE-122
CWE-131
CWE-787
Heap-based Buffer Overflow
Incorrect Calculation of Buffer Size
Out-of-bounds Write
|
CVE-2026-11604
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.
Affected versions:
Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through …
New
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-40985
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40986
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
7.1 |
HIGH
Network
|
-
|
-
|
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.
Affected version…
New
|
CWE-22
Path Traversal
|
CVE-2026-40987
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=tru…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40992
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
8.2 |
HIGH
Network
|
-
|
-
|
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security…
New
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2026-40994
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
5.4 |
MEDIUM
Network
|
-
|
-
|
X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle …
New
|
CWE-287
Improper Authentication
|
CVE-2026-40995
|
2026-06-12 00:21 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
