|
531
|
7.9 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-48570
|
2026-06-11 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
532
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafti…
New
|
CWE-416
Use After Free
|
CVE-2026-52757
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
533
|
7.8 |
HIGH
Local
|
-
|
-
|
Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with travers…
New
|
CWE-22
Path Traversal
|
CVE-2026-52752
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
534
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O b…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49495
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
535
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor t…
New
|
CWE-601
Open Redirect
|
CVE-2026-46616
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
536
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper o…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-46609
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
537
|
8.3 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unau…
New
|
CWE-287
CWE-306
CWE-697
Improper Authentication
Missing Authentication for Critical Function
Incorrect Comparison
|
CVE-2026-45567
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
538
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or …
New
|
CWE-601
Open Redirect
|
CVE-2026-45566
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
539
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45561
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
540
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45560
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
