|
181
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas…
New
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-11431
|
2026-06-6 07:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that us…
New
|
CWE-22
CWE-94
Path Traversal
Code Injection
|
CVE-2026-11429
|
2026-06-6 07:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
- |
|
-
|
-
|
A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t…
New
|
CWE-200
CWE-918
Information Exposure
Server-Side Request Forgery (SSRF)
|
CVE-2026-11424
|
2026-06-6 07:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
8.1 |
HIGH
Network
|
-
|
-
|
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured down…
New
|
CWE-22
Path Traversal
|
CVE-2026-11416
|
2026-06-6 07:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
- |
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cau…
New
|
-
|
CVE-2026-36785
|
2026-06-6 06:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul…
New
|
CWE-22
CWE-269
Path Traversal
Improper Privilege Management
|
CVE-2026-11423
|
2026-06-6 06:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
7.1 |
HIGH
Local
|
-
|
-
|
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedd…
New
|
CWE-95
Eval Injection
|
CVE-2026-11422
|
2026-06-6 06:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
6.5 |
MEDIUM
Network
|
gkostka
|
lwext4
|
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 files…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70101
|
2026-06-6 06:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
5.5 |
MEDIUM
Local
|
gkostka
|
lwext4
|
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi…
Update
|
CWE-369
Divide By Zero
|
CVE-2025-70100
|
2026-06-6 06:09 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
9.8 |
CRITICAL
Network
|
freedesktop
|
libinput
|
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
New
|
CWE-93
CRLF Injection
|
CVE-2026-50292
|
2026-06-6 06:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
