|
161
|
- |
|
-
|
-
|
Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk.
The sctp_parse_error_chu…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-49759
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
- |
|
-
|
-
|
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.
The inet_tls_dist:check_ip/…
New
|
CWE-863
CWE-1025
Incorrect Authorization
Comparison Using Wrong Factors
|
CVE-2026-48860
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
- |
|
-
|
-
|
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.
W…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-48859
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. (Chromium security severity: High)
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-11668
|
2026-06-11 01:17 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
- |
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address.
The ftp_internal:handle_ctrl_…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48858
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
- |
|
-
|
-
|
Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.
The httpc client forwards the Authorization and Proxy-Authorization request…
New
|
CWE-601
Open Redirect
|
CVE-2026-48856
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
- |
|
-
|
-
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery.
The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of…
New
|
CWE-200
Information Exposure
|
CVE-2026-48855
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
5.0 |
MEDIUM
Network
|
-
|
-
|
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to O…
New
|
CWE-345
CWE-668
Insufficient Verification of Data Authenticity
Exposure of Resource to Wrong Sphere
|
CVE-2026-48096
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
8.3 |
HIGH
Network
|
-
|
-
|
Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in …
New
|
CWE-639
CWE-862
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-46558
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. …
New
|
CWE-94
CWE-915
CWE-1188
Code Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Insecure Default Initialization of Resource
|
CVE-2026-46517
|
2026-06-11 01:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
