|
881
|
5.5 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O bin…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-52759
|
2026-06-11 22:28 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
882
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-53435
|
2026-06-11 22:26 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
883
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), a…
|
CWE-601
Open Redirect
|
CVE-2026-53436
|
2026-06-11 22:24 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
884
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, a…
|
CWE-601
Open Redirect
|
CVE-2026-53437
|
2026-06-11 22:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
885
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have…
|
CWE-862
Missing Authorization
|
CVE-2026-53438
|
2026-06-11 22:21 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
886
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names …
|
CWE-862
Missing Authorization
|
CVE-2026-53439
|
2026-06-11 22:06 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
887
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34709
|
2026-06-11 22:05 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
888
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. …
|
CWE-94
CWE-915
CWE-1188
Code Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Insecure Default Initialization of Resource
|
CVE-2026-46517
|
2026-06-11 21:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
889
|
- |
|
-
|
-
|
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
|
CWE-20
Improper Input Validation
|
CVE-2026-9213
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
890
|
- |
|
-
|
-
|
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks im…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-0420
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
