| 571 | - |  | - | - | In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution. | New | CWE-416 Use After Free | CVE-2026-12921 | 2026-06-26 05:16 | 2026-06-26 |
| 572 | 3.7 | LOW Network | - | - | GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server. | New | CWE-839 Numeric Range Comparison Without Minimum Check | CVE-2026-56968 | 2026-06-26 05:16 | 2026-06-24 |
| 573 | - |  | - | - | In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwardi… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-50221 | 2026-06-26 05:16 | 2026-06-24 |
| 574 | 4.0 | MEDIUM Local | - | - | GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2. | New | CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-57053 | 2026-06-26 05:16 | 2026-06-24 |
| 575 | 2.9 | LOW Local | - | - | CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is … | New | CWE-1284 Improper Validation of Specified Quantity in Input | CVE-2026-57062 | 2026-06-26 05:16 | 2026-06-24 |
| 576 | - |  | - | - | An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. | New | CWE-648 Incorrect Use of Privileged APIs | CVE-2026-11877 | 2026-06-26 05:16 | 2026-06-25 |
| 577 | - |  | - | - | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: fr… | New | CWE-79 Cross-site Scripting | CVE-2026-11878 | 2026-06-26 05:16 | 2026-06-25 |
| 578 | - |  | - | - | Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1. | New | CWE-306 Missing Authentication for Critical Function | CVE-2026-4522 | 2026-06-26 05:16 | 2026-06-26 |
| 579 | - |  | - | - | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be cont… | New | CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes | CVE-2026-55736 | 2026-06-26 05:13 | 2026-06-24 |
| 580 | 6.3 | MEDIUM Network | - | - | @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled inpu… | New | CWE-78 OS Command | CVE-2026-55249 | 2026-06-26 05:13 | 2026-06-24 |