| 2431 | 9.1 | CRITICAL Network | - | - | Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a … | CWE-125 Out-of-bounds Read | CVE-2025-62821 | 2026-06-23 05:44 | 2026-06-19 |
| 2432 | 7.5 | HIGH Network | - | - | GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there i… | CWE-552 Files or Directories Accessible to External Parties | CVE-2025-66389 | 2026-06-23 05:44 | 2026-06-22 |
| 2433 | 3.7 | LOW Network | - | - | GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization. | CWE-696 Incorrect Behavior Order | CVE-2026-56355 | 2026-06-23 05:43 | 2026-06-21 |
| 2434 | 6.3 | MEDIUM Local | - | - | The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed i… | CWE-20 Improper Input Validation; CWE-79 Cross-site Scripting | CVE-2026-21768 | 2026-06-23 05:42 | 2026-06-20 |
| 2435 | 9.9 | CRITICAL Network | - | - | Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the `GitRepository` storage class. The `commit_sha` parameter, which is passed to gi… | CWE-94 Code Injection | CVE-2026-5366 | 2026-06-23 05:41 | 2026-06-21 |
| 2436 | 7.7 | HIGH Local | - | - | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocat… | CWE-416 Use After Free | CVE-2026-34192 | 2026-06-23 05:40 | 2026-06-19 |
| 2437 | 7.7 | HIGH Local | - | - | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory pa… | CWE-416 Use After Free | CVE-2026-41156 | 2026-06-23 05:40 | 2026-06-19 |
| 2438 | 5.4 | MEDIUM Network | microsoft | edge_chromium | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network. | CWE-79 Cross-site Scripting | CVE-2026-32208 | 2026-06-23 05:33 | 2026-06-20 |
| 2439 | - | | - | - | In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution. | CWE-843 Type Confusion | CVE-2026-12390 | 2026-06-23 05:30 | 2026-06-19 |
| 2440 | 9.8 | CRITICAL Network | - | - | Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request. | CWE-552 Files or Directories Accessible to External Parties | CVE-2026-40624 | 2026-06-23 05:30 | 2026-06-19 |