|
661
|
8.1 |
HIGH
Network
|
-
|
-
|
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the req…
New
|
CWE-20
CWE-176
CWE-178
Improper Input Validation
Improper Handling of Unicode Encoding
Improper Handling of Case Sensitivity
|
CVE-2026-45062
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
662
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers c…
New
|
CWE-89
SQL Injection
|
CVE-2026-52758
|
2026-06-11 22:58 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
663
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48306
|
2026-06-11 22:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
664
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48305
|
2026-06-11 22:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
665
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34710
|
2026-06-11 22:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
666
|
5.5 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O bin…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-52759
|
2026-06-11 22:28 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
667
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-53435
|
2026-06-11 22:26 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
668
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), a…
New
|
CWE-601
Open Redirect
|
CVE-2026-53436
|
2026-06-11 22:24 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
669
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, a…
New
|
CWE-601
Open Redirect
|
CVE-2026-53437
|
2026-06-11 22:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
670
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have…
New
|
CWE-862
Missing Authorization
|
CVE-2026-53438
|
2026-06-11 22:21 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
