| 901 | 7.5 | HIGH Network | - | - | A reachable unwrap in the __assert_fail function (/assert/mod.rs) of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted string. | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-38640 | 2026-06-26 23:17 | 2026-06-26 |
| 902 | 4.2 | MEDIUM Network | - | - | The Mattermost Google Drive plugin before version 1.1.0 fails to validate channel membership in the file creation endpoint, allowing authenticated users with a connected Google account to share Googl… | New | CWE-862 Missing Authorization | CVE-2026-2299 | 2026-06-26 23:17 | 2026-06-26 |
| 903 | 8.1 | HIGH Network | - | - | vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability | New | CWE-129 Improper Validation of Array Index | CVE-2026-22879 | 2026-06-26 23:17 | 2026-06-26 |
| 904 | - | | - | - | ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.35 in Java applications, allows an attacker to execute arbitrary code circumvent… | New | CWE-20 Improper Input Validation | CVE-2026-13006 | 2026-06-26 23:16 | 2026-06-24 |
| 905 | 8.2 | HIGH Network | - | - | Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects … | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-12473 | 2026-06-26 23:16 | 2026-06-26 |
| 906 | 7.8 | HIGH Local | - | - | A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafte… | New | CWE-416 Use After Free | CVE-2025-60464 | 2026-06-26 23:16 | 2026-06-26 |
| 907 | 7.8 | HIGH Local | mmaitre314 | picklescan | picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that execut… | New | CWE-502 Deserialization of Untrusted Data | CVE-2025-71357 | 2026-06-26 23:14 | 2026-06-21 |
| 908 | 7.8 | HIGH Local | mmaitre314 | picklescan | picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection… | New | CWE-502 Deserialization of Untrusted Data | CVE-2025-71378 | 2026-06-26 23:12 | 2026-06-21 |
| 909 | 9.8 | CRITICAL Network | kidocode | crawl4ai | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentic… | New | CWE-798 Use of Hard-coded Credentials | CVE-2026-56265 | 2026-06-26 22:52 | 2026-06-21 |
| 910 | 9.1 | CRITICAL Network | imagemagick | imagemagick | ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB (PSD v2) RLE decoding path (ReadPSDChannelRLE in coders/psd.c) that causes a heap out-of-bounds read on … | New | CWE-125 Out-of-bounds Read | CVE-2026-56367 | 2026-06-26 22:50 | 2026-06-21 |