|
241
|
- |
|
-
|
-
|
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle.
Config::IniFiles::_make_filehandle open…
New
|
CWE-73
CWE-78
External Control of File Name or Path
OS Command
|
CVE-2026-11527
|
2026-06-15 09:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
7.8 |
HIGH
Local
|
-
|
-
|
A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdrive/modeld/modeld.py of the component Pickle Module. The manipulation …
New
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-12191
|
2026-06-15 08:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authori…
New
|
CWE-285
CWE-939
Improper Authorization
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-12190
|
2026-06-15 08:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules/core/backend/app/controllers/concerns/grit/core/grit_entity_controll…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-12188
|
2026-06-15 08:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/one_click_upgrade of the component Online …
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-12187
|
2026-06-15 08:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
8.8 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function replace_country in the library /usr/lib/oui-httpd/rpc/tor of the component Tor Proxy Service Configuration Ha…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-12186
|
2026-06-15 06:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
8.2 |
HIGH
Network
|
-
|
-
|
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated atta…
New
|
CWE-125
CWE-191
Out-of-bounds Read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-54413
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
8.2 |
HIGH
Network
|
-
|
-
|
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response() function in src/mqtt.c that allows a remote unauthenticate…
New
|
CWE-125
CWE-191
Out-of-bounds Read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-54412
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or net…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-54411
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
8.6 |
HIGH
Network
|
-
|
-
|
nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-control…
New
|
CWE-193
CWE-787
Off-by-one Error
Out-of-bounds Write
|
CVE-2026-54410
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
