|
671
|
7.5 |
HIGH
Network
|
qnap
|
qumagie
|
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.
We hav…
|
CWE-862
Missing Authorization
|
CVE-2026-26236
|
2026-06-13 00:35 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
7.8 |
HIGH
Local
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability all…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-46748
|
2026-06-13 00:33 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
- |
|
-
|
-
|
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-priv…
|
CWE-22
Path Traversal
|
CVE-2026-45171
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
- |
|
-
|
-
|
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially exe…
|
CWE-78
OS Command
|
CVE-2026-45172
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
- |
|
-
|
-
|
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated …
|
CWE-346
Origin Validation Error
|
CVE-2026-45173
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
- |
|
-
|
-
|
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-45174
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
- |
|
-
|
-
|
Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-45170
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
- |
|
-
|
-
|
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenari…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45169
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
5.3 |
MEDIUM
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used fo…
|
CWE-26
Path Traversal: '/dir/../filename'
|
CVE-2026-46747
|
2026-06-13 00:28 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
7.8 |
HIGH
Local
|
adobe
|
format_plugins
|
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48292
|
2026-06-13 00:19 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
