|
3671
|
7.5 |
HIGH
Network
|
ibm
|
infosphere_optim_test_data_fabrication
|
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An…
|
CWE-22
Path Traversal
|
CVE-2026-3366
|
2026-06-3 04:50 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3672
|
7.8 |
HIGH
Local
|
ibm
|
netezza_performance_server_replication_services
|
IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker c…
|
CWE-250
NVD-CWE-noinfo
Execution with Unnecessary Privileges
|
CVE-2026-3623
|
2026-06-3 04:44 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3673
|
6.5 |
MEDIUM
Network
|
ibm
|
cloud_application_performance_managemen
|
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of se…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-3676
|
2026-06-3 04:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3674
|
3.7 |
LOW
Network
|
erlang
|
erlang\/otp
|
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid.
OCSP re…
|
CWE-295
CWE-672
Improper Certificate Validation
Operation on a Resource after Expiration or Release
|
CVE-2026-42791
|
2026-06-3 04:18 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3675
|
7.8 |
HIGH
Local
|
google
|
android
|
In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional …
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-48652
|
2026-06-3 03:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3676
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges need…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-48648
|
2026-06-3 03:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3677
|
3.3 |
LOW
Local
|
google
|
android
|
In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclos…
|
NVD-CWE-noinfo
|
CVE-2025-48616
|
2026-06-3 03:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3678
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no ad…
|
CWE-441
Confused Deputy
|
CVE-2025-48570
|
2026-06-3 03:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3679
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede…
|
NVD-CWE-noinfo
|
CVE-2025-32348
|
2026-06-3 03:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3680
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg…
|
CWE-59
Link Following
|
CVE-2026-40861
|
2026-06-3 03:49 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
