|
721
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-9088
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
722
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument deli…
|
CWE-88
Argument Injection
|
CVE-2026-11332
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
723
|
7.0 |
HIGH
Local
|
-
|
-
|
A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution…
|
CWE-78
OS Command
|
CVE-2026-50265
|
2026-06-5 23:56 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
724
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
|
-
|
CVE-2026-38500
|
2026-06-5 23:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
725
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_cloud_function
|
Under infinite recursion in the routing layer, request-handling can cause OOM error.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Functio…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40989
|
2026-06-5 22:49 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
726
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_cloud_function
|
OOM error is possible while attempting to add infinite amount of functions to Function Registry.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring C…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-40990
|
2026-06-5 22:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
727
|
7.3 |
HIGH
Local
|
aiohttp
|
aiohttp
|
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most appli…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-34993
|
2026-06-5 22:44 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
728
|
7.5 |
HIGH
Network
|
aiohttp
|
aiohttp
|
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin r…
|
CWE-346
Origin Validation Error
|
CVE-2026-47265
|
2026-06-5 22:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
729
|
7.8 |
HIGH
Local
|
-
|
-
|
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-50256
|
2026-06-5 22:27 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
730
|
7.8 |
HIGH
Local
|
-
|
-
|
A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attack…
|
CWE-416
Use After Free
|
CVE-2026-50257
|
2026-06-5 22:27 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
