|
541
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-3341
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) …
New
|
CWE-89
SQL Injection
|
CVE-2026-38581
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server.
This issue affects Rotaban: from V2026.06.…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11839
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
4.1 |
MEDIUM
Local
|
-
|
-
|
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
New
|
CWE-256
Plaintext Storage of a Password
|
CVE-2024-45636
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
9.6 |
CRITICAL
Adjacent
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42904
|
2026-06-12 01:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Update
|
CWE-416
Use After Free
|
CVE-2026-42905
|
2026-06-12 01:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Update
|
CWE-200
Information Exposure
|
CVE-2026-42906
|
2026-06-12 01:13 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
6.1 |
MEDIUM
Network
|
vmware
|
spring_framework
|
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.
Af…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41845
|
2026-06-12 01:12 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
6.1 |
MEDIUM
Network
|
vmware
|
spring_framework
|
Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-41846
|
2026-06-12 01:10 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
5.3 |
MEDIUM
Network
|
vmware
|
spring_framework
|
Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
Update
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-41847
|
2026-06-12 01:08 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
