|
271
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects MetroStore: from n/a through 1.3.2.
New
|
CWE-862
Missing Authorization
|
CVE-2023-32959
|
2026-06-11 23:42 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
6.1 |
MEDIUM
Network
|
-
|
-
|
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-46642
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
8.1 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver …
New
|
CWE-22
CWE-697
Path Traversal
Incorrect Comparison
|
CVE-2026-45569
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
8.1 |
HIGH
Network
|
-
|
-
|
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the req…
New
|
CWE-20
CWE-176
CWE-178
Improper Input Validation
Improper Handling of Unicode Encoding
Improper Handling of Case Sensitivity
|
CVE-2026-45062
|
2026-06-11 23:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
10.0 |
CRITICAL
Network
|
-
|
-
|
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
New
|
CWE-78
OS Command
|
CVE-2026-10520
|
2026-06-11 23:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
8.8 |
HIGH
Network
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers c…
New
|
CWE-89
SQL Injection
|
CVE-2026-52758
|
2026-06-11 22:58 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48306
|
2026-06-11 22:53 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-48305
|
2026-06-11 22:51 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34710
|
2026-06-11 22:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
5.5 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O bin…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-52759
|
2026-06-11 22:28 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
