|
61
|
8.1 |
HIGH
Network
|
-
|
-
|
Issue summary: A signed integer overflow when sizing the destination
buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap
buffer overflow.
Impact summary: A heap buffer overflow may…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7383
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
9.8 |
CRITICAL
Network
|
-
|
-
|
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sa…
New
|
CWE-94
CWE-1333
Code Injection
Inefficient Regular Expression Complexity
|
CVE-2026-52778
|
2026-06-10 02:17 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
New
|
CWE-200
Information Exposure
|
CVE-2026-50508
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
6.8 |
MEDIUM
Physics
|
-
|
-
|
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-50507
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
7.5 |
HIGH
Network
|
-
|
-
|
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 …
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-49975
|
2026-06-10 02:17 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
8.8 |
HIGH
Network
|
-
|
-
|
Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration…
New
|
CWE-78
OS Command
|
CVE-2026-49959
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
5.0 |
MEDIUM
Local
|
-
|
-
|
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-49958
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
7.7 |
HIGH
Network
|
-
|
-
|
Hermes WebUI before version 0.51.269 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the…
New
|
CWE-22
Path Traversal
|
CVE-2026-49957
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey option…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-49955
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
4.3 |
MEDIUM
Network
|
-
|
-
|
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version…
New
|
CWE-287
Improper Authentication
|
CVE-2026-49848
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
