|
681
|
3.3 |
LOW
Local
|
-
|
-
|
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attacke…
New
|
CWE-22
Path Traversal
|
CVE-2026-49497
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP user…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-47106
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_c…
New
|
CWE-94
Code Injection
|
CVE-2026-46432
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0415
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
New
|
CWE-94
Code Injection
|
CVE-2026-0414
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
7.5 |
HIGH
Network
|
-
|
-
|
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attack…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2025-71330
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
7.5 |
HIGH
Network
|
-
|
-
|
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2025-71329
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
7.5 |
HIGH
Network
|
-
|
-
|
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2025-71319
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
2.9 |
LOW
Local
|
-
|
-
|
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability s…
New
|
CWE-758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
CVE-2024-58350
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
6.1 |
MEDIUM
Network
|
apache
|
answer
|
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
Timeline-related APIs lacked proper authorization …
New
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-25699
|
2026-06-10 22:38 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
