|
461
|
8.8 |
HIGH
Network
|
-
|
-
|
Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link tok…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-56768
|
2026-06-30 14:19 |
2026-06-26 |
|
462
|
7.0 |
HIGH
Local
|
-
|
-
|
Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused elsewhere while still accessible th…
New
|
CWE-416
Use After Free
|
CVE-2026-49417
|
2026-06-30 14:19 |
2026-06-27 |
|
463
|
7.8 |
HIGH
Local
|
-
|
-
|
The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-49416
|
2026-06-30 14:19 |
2026-06-27 |
|
464
|
7.8 |
HIGH
Local
|
-
|
-
|
The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the mul…
New
|
CWE-416
Use After Free
|
CVE-2026-49412
|
2026-06-30 14:19 |
2026-06-27 |
|
465
|
7.8 |
HIGH
Local
|
notepad-plus-plus
|
notepad++
|
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text content inside <UserDefinedCommands> in shortcuts.xml is read by NppXml::value(aNode) (Parameters.cpp:…
New
|
CWE-78
OS Command
|
CVE-2026-48800
|
2026-06-30 14:19 |
2026-06-27 |
|
466
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set…
Update
|
CWE-241
Improper Handling of Unexpected Data Type
|
CVE-2026-47110
|
2026-06-30 14:19 |
2026-06-25 |
|
467
|
7.8 |
HIGH
Local
|
-
|
-
|
dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length …
New
|
CWE-125 CWE-190 CWE-681 CWE-787
Out-of-bounds Read Integer Overflow or Wraparound Incorrect Conversion between Numeric Types Out-of-bounds Write
|
CVE-2026-45258
|
2026-06-30 14:19 |
2026-06-27 |
|
468
|
- |
|
-
|
-
|
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-41052
|
2026-06-30 14:19 |
2026-06-30 |
|
469
|
7.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php,…
Update
|
CWE-89
SQL Injection
|
CVE-2026-40083
|
2026-06-30 14:18 |
2026-06-26 |
|
470
|
8.8 |
HIGH
Network
|
-
|
-
|
A relative path traversal bug when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-25707
|
2026-06-30 14:18 |
2026-06-29 |
|