|
71
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-20233
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
8.6 |
HIGH
Network
|
-
|
-
|
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attack…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-20230
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to b…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-20175
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10608
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injectio…
New
|
CWE-74
CWE-707
Injection
Improper Enforcement of Message or Data Structure
|
CVE-2026-10221
|
2026-06-4 03:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Recover from panthor_gpu_flush_caches() failures
We have seen a few cases where the whole memory subsystem is blocke…
New
|
-
|
CVE-2025-71314
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Add missing NULL check for alloc_workqueue()
alloc_workqueue() can return NULL on memory allocation failure. Witho…
New
|
-
|
CVE-2025-71313
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
7.4 |
HIGH
Local
|
-
|
-
|
A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-64390
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
5.0 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS)…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60477
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
7.6 |
HIGH
Adjacent
|
-
|
-
|
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and r…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-25722
|
2026-06-4 03:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
