|
471
|
- |
|
-
|
-
|
A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints.
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-3329
|
2026-06-12 03:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to pe…
New
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2026-11986
|
2026-06-12 03:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
8.8 |
HIGH
Local
|
espressif
|
esp-idf
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_servi…
New
|
CWE-20
CWE-787
Improper Input Validation
Out-of-bounds Write
|
CVE-2026-45328
|
2026-06-12 03:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
7.5 |
HIGH
Network
|
espressif
|
esp-idf
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pa…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-45541
|
2026-06-12 03:05 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
6.5 |
MEDIUM
Local
|
espressif
|
esp-idf
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c val…
New
|
CWE-20
CWE-125
CWE-200
Improper Input Validation
Out-of-bounds Read
Information Exposure
|
CVE-2026-45329
|
2026-06-12 03:04 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
6.5 |
MEDIUM
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule (.scap) parser in 7-Zip. The OpenCa…
Update
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-48101
|
2026-06-12 03:02 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Update
|
CWE-843
CWE-125
Type Confusion
Out-of-bounds Read
|
CVE-2026-45641
|
2026-06-12 02:42 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
7.1 |
HIGH
Adjacent
|
espressif
|
esp-idf
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup …
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-45542
|
2026-06-12 02:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
479
|
3.9 |
LOW
Physics
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-45642
|
2026-06-12 02:39 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6277
|
2026-06-12 02:36 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
