|
11
|
9.6 |
CRITICAL
Network
|
jpettitt
|
meshcore_card
|
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-45323
|
2026-06-4 03:34 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
4.3 |
MEDIUM
Network
|
redhat
|
build_of_keycloak
|
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Conne…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-9791
|
2026-06-4 03:28 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
7.5 |
HIGH
Network
|
redhat
|
build_of_keycloak
|
A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing …
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-9793
|
2026-06-4 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
7.5 |
HIGH
Adjacent
|
tp-link
|
tapo_l535e_firmware
tapo_p300_firmware
tapo_d100c_firmware
|
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-34126
|
2026-06-4 03:18 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
7.5 |
HIGH
Network
|
-
|
-
|
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws.
To skip a leading 3-byte UTF-8 BOM, decode_json() advances t…
New
|
CWE-755
CWE-763
Improper Handling of Exceptional Conditions
Release of Invalid Pointer or Reference
|
CVE-2026-9516
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
7.3 |
HIGH
Network
|
-
|
-
|
Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled.
decode_hv() collapses duplicate object keys into an array reference…
New
|
CWE-843
Type Confusion
|
CVE-2026-9334
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use o…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-6657
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
- |
|
-
|
-
|
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simple_packet_parser_ng.cpp, after validating that the packet contains at least sizeof(ipv4…
New
|
CWE-843
Type Confusion
|
CVE-2026-48682
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
- |
|
-
|
-
|
Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects.
Tesla.Middleware.FollowRedirects strips securit…
New
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-48595
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ibmveth: Disable GSO for packets with small MSS
Some physical adapters on Power systems do not support segmentation
offload when …
New
|
-
|
CVE-2026-46273
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
