|
3511
|
7.8 |
HIGH
Local
|
-
|
-
|
A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to im…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-10847
|
2026-06-12 00:30 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3512
|
6.6 |
MEDIUM
Local
|
-
|
-
|
Authentication bypass by primary weakness vulnerability in ABB Freelance.
This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2025-7064
|
2026-06-12 00:28 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3513
|
- |
|
-
|
-
|
Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by ma…
|
CWE-22
Path Traversal
|
CVE-2026-8464
|
2026-06-12 00:28 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3514
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion.
This issue affects LimRAD NAC: before 5.5.7.3.9.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7852
|
2026-06-12 00:28 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3515
|
7.9 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-45588
|
2026-06-12 00:25 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3516
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_I…
|
CWE-20
Improper Input Validation
|
CVE-2026-48107
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3517
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, …
|
CWE-20
Improper Input Validation
|
CVE-2026-48108
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3518
|
- |
|
-
|
-
|
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the …
|
CWE-20
Improper Input Validation
|
CVE-2026-53901
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3519
|
- |
|
-
|
-
|
Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-53911
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3520
|
- |
|
-
|
-
|
Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. Th…
|
CWE-200
Information Exposure
|
CVE-2026-53912
|
2026-06-12 00:24 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
