|
201
|
- |
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cau…
New
|
-
|
CVE-2026-36785
|
2026-06-6 06:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul…
New
|
CWE-22
CWE-269
Path Traversal
Improper Privilege Management
|
CVE-2026-11423
|
2026-06-6 06:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
203
|
7.1 |
HIGH
Local
|
-
|
-
|
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedd…
New
|
CWE-95
Eval Injection
|
CVE-2026-11422
|
2026-06-6 06:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
204
|
6.5 |
MEDIUM
Network
|
gkostka
|
lwext4
|
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 files…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70101
|
2026-06-6 06:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
205
|
5.5 |
MEDIUM
Local
|
gkostka
|
lwext4
|
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi…
Update
|
CWE-369
Divide By Zero
|
CVE-2025-70100
|
2026-06-6 06:09 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
206
|
9.8 |
CRITICAL
Network
|
freedesktop
|
libinput
|
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
Update
|
CWE-93
CRLF Injection
|
CVE-2026-50292
|
2026-06-6 06:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207
|
9.1 |
CRITICAL
Network
|
netty
|
netty-incubator-codec-ohttp
|
The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses…
Update
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-48040
|
2026-06-6 06:04 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208
|
5.3 |
MEDIUM
Network
|
netty
|
netty-incubator-codec-ohttp
|
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distin…
Update
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2026-41207
|
2026-06-6 06:01 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Add missing NULL check for alloc_workqueue()
alloc_workqueue() can return NULL on memory allocation failure. Witho…
Update
|
-
|
CVE-2025-71313
|
2026-06-6 05:51 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Recover from panthor_gpu_flush_caches() failures
We have seen a few cases where the whole memory subsystem is blocke…
Update
|
-
|
CVE-2025-71314
|
2026-06-6 05:51 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
