| 641 | 7.3 | HIGH Network | - | - | pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline (@pnpm/patch-package) performs no path validation on file paths extracted from .patch files. An attacker who … (New) | CWE-22 Path Traversal | CVE-2026-50015 | 2026-06-26 04:16 | 2026-06-26 |
| 642 | 7.5 | HIGH Network | - | - | Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by th… (New) | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2026-13351 | 2026-06-26 04:16 | 2026-06-26 |
| 643 | 7.5 | HIGH Network | - | - | An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. (New) | CWE-89 SQL Injection | CVE-2025-61023 | 2026-06-26 04:16 | 2026-06-24 |
| 644 | 5.5 | MEDIUM Network | - | - | Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except … (New) | CWE-863 Incorrect Authorization | CVE-2026-48493 | 2026-06-26 04:14 | 2026-06-24 |
| 645 | 8.7 | HIGH Local | - | - | Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) validates only file presence and a version marker strin… (New) | CWE-353 Missing Support for Integrity Check | CVE-2026-7574 | 2026-06-26 04:14 | 2026-06-24 |
| 646 | 8.6 | HIGH Network | - | - | Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by… (New) | CWE-200 Information Exposure | CVE-2026-49269 | 2026-06-26 04:14 | 2026-06-25 |
| 647 | 5.5 | MEDIUM Local | - | - | A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via suppl… (New) | CWE-416 Use After Free | CVE-2025-60471 | 2026-06-26 04:14 | 2026-06-25 |
| 648 | 7.5 | HIGH Network | - | - | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query par… (New) | CWE-674 Uncontrolled Recursion | CVE-2026-54297 | 2026-06-26 04:14 | 2026-06-25 |
| 649 | 5.5 | MEDIUM Local | - | - | GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_c… (New) | CWE-122 Heap-based Buffer Overflow | CVE-2025-60468 | 2026-06-26 04:14 | 2026-06-25 |
| 650 | 7.5 | HIGH Network | - | - | A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin… (New) | CWE-416 Use After Free | CVE-2025-60467 | 2026-06-26 04:14 | 2026-06-25 |