|
1241
|
5.5 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-52753
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1242
|
5.7 |
MEDIUM
Adjacent
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2026-42915
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1243
|
7.8 |
HIGH
Local
|
nsa
|
ghidra
|
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with travers…
|
CWE-22
Path Traversal
|
CVE-2026-52752
|
2026-06-12 04:52 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1244
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a maliciou…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-52751
|
2026-06-12 04:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1245
|
5.3 |
MEDIUM
Network
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Windows Kerberos Denial of Service Vulnerability
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42914
|
2026-06-12 04:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1246
|
7.8 |
HIGH
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands und…
|
CWE-88
Argument Injection
|
CVE-2026-52750
|
2026-06-12 04:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1247
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE …
|
CWE-89
SQL Injection
|
CVE-2026-49498
|
2026-06-12 04:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1248
|
3.3 |
LOW
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attacke…
|
CWE-22
Path Traversal
|
CVE-2026-49497
|
2026-06-12 04:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1249
|
6.1 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vecto…
|
CWE-416
Use After Free
|
CVE-2026-49496
|
2026-06-12 04:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1250
|
5.5 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O b…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49495
|
2026-06-12 04:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
