|
281
|
7.8 |
HIGH
Local
|
-
|
-
|
Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands und…
New
|
CWE-88
Argument Injection
|
CVE-2026-52750
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
7.7 |
HIGH
Network
|
-
|
-
|
Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…
New
|
CWE-22
Path Traversal
|
CVE-2026-49957
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
8.8 |
HIGH
Network
|
-
|
-
|
Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE …
New
|
CWE-89
SQL Injection
|
CVE-2026-49498
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
3.3 |
LOW
Local
|
-
|
-
|
Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attacke…
New
|
CWE-22
Path Traversal
|
CVE-2026-49497
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP user…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-47106
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
7.7 |
HIGH
Network
|
-
|
-
|
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/…
New
|
CWE-79
CWE-862
Cross-site Scripting
Missing Authorization
|
CVE-2026-46518
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trust_remote_c…
New
|
CWE-94
Code Injection
|
CVE-2026-46432
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
- |
|
-
|
-
|
An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting prod…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-0420
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0415
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
New
|
CWE-94
Code Injection
|
CVE-2026-0414
|
2026-06-10 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
