|
131
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
New
|
CWE-416
Use After Free
|
CVE-2026-42983
|
2026-06-12 01:54 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
7.5 |
HIGH
Network
|
vmware
|
spring_framework
|
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.
Affected versi…
New
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2026-41838
|
2026-06-12 01:53 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
|
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42837
|
2026-06-12 01:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
6.1 |
MEDIUM
Network
|
vmware
|
spring_framework
|
A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an ar…
New
|
CWE-601
Open Redirect
|
CVE-2026-41844
|
2026-06-12 01:19 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
6.5 |
MEDIUM
Network
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42903
|
2026-06-12 01:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
- |
|
-
|
-
|
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details fro…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8406
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
8.8 |
HIGH
Network
|
-
|
-
|
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-7870
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7787
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template inj…
New
|
CWE-94
Code Injection
|
CVE-2026-50223
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
8.6 |
HIGH
Network
|
-
|
-
|
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati…
New
|
CWE-918
CWE-1286
CWE-1389
Server-Side Request Forgery (SSRF)
Improper Validation of Syntactic Correctness of Input
|
CVE-2026-50131
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
