| 2201 | 6.9 | MEDIUM Local | libexpat_project | libexpat | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | CWE-821 Incorrect Synchronization | CVE-2026-56132 | 2026-06-24 05:15 | 2026-06-19 |
| 2202 | 6.9 | MEDIUM Local | libexpat_project | libexpat | libexpat before 2.8.2 has an integer overflow in storeAtts. | CWE-190 Integer Overflow or Wraparound | CVE-2026-56403 | 2026-06-24 05:15 | 2026-06-22 |
| 2203 | 6.9 | MEDIUM Local | libexpat_project | libexpat | libexpat before 2.8.2 has an integer overflow in addBinding. | CWE-190 Integer Overflow or Wraparound | CVE-2026-56404 | 2026-06-24 05:15 | 2026-06-22 |
| 2204 | 6.9 | MEDIUM Local | libexpat_project | libexpat | libexpat before 2.8.2 has an integer overflow in getAttributeId. | CWE-190 Integer Overflow or Wraparound | CVE-2026-56405 | 2026-06-24 05:14 | 2026-06-22 |
| 2205 | 6.3 | MEDIUM Network | apache | nifi | Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed … | CWE-863 Incorrect Authorization | CVE-2026-44911 | 2026-06-24 04:55 | 2026-06-22 |
| 2206 | 7.2 | HIGH Network | apache | nifi | Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted bound… | CWE-116 Improper Encoding or Escaping of Output | CVE-2026-44913 | 2026-06-24 04:53 | 2026-06-22 |
| 2207 | 7.8 | HIGH Local | - | - | Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow for arbitrary code execution. If a local user opens a maliciously crafted … | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2026-12957 | 2026-06-24 04:36 | 2026-06-24 |
| 2208 | 7.8 | HIGH Local | - | - | Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously… | CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2026-12958 | 2026-06-24 04:36 | 2026-06-24 |
| 2209 | 6.5 | MEDIUM Network | - | - | SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component | CWE-89 SQL Injection | CVE-2026-52673 | 2026-06-24 04:35 | 2026-06-24 |
| 2210 | - | | - | - | Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2025-62180 | 2026-06-24 04:34 | 2026-06-24 |