| 161 | - | - | - | An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format stri… | New | CWE-134 Use of Externally-Controlled Format String | CVE-2026-6250 | 2026-06-13 01:06 | 2026-06-12 |
| 162 | 8.8 HIGH Network | - | - | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to … | New | CWE-787 Out-of-bounds Write | CVE-2026-11933 | 2026-06-13 01:06 | 2026-06-12 |
| 163 | - | - | - | Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust Java memory heap when recent login history is enabled and copying virtual attrib… | New | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2026-20746 | 2026-06-13 01:06 | 2026-06-12 |
| 164 | 6.7 MEDIUM Local | - | - | A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges … | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-48914 | 2026-06-13 01:06 | 2026-06-12 |
| 165 | - | - | - | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remedia… | New | CWE-325 Missing Required Cryptographic Step | CVE-2026-9266 | 2026-06-13 01:06 | 2026-06-12 |
| 166 | 10.0 CRITICAL Network | - | - | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto_… | New | CWE-913 Improper Control of Dynamically-Managed Code Resources | CVE-2026-47131 | 2026-06-13 01:03 | 2026-06-13 |
| 167 | 8.7 HIGH Network | - | - | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's… | New | CWE-693 Protection Mechanism Failure | CVE-2026-47135 | 2026-06-13 01:03 | 2026-06-13 |
| 168 | - | - | - | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, … | New | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2026-47141 | 2026-06-13 01:03 | 2026-06-13 |
| 169 | 10.0 CRITICAL Network | - | - | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: t… | New | CWE-913 Improper Control of Dynamically-Managed Code Resources | CVE-2026-47137 | 2026-06-13 01:03 | 2026-06-13 |
| 170 | 8.6 HIGH Network | - | - | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target o… | New | CWE-693 Protection Mechanism Failure | CVE-2026-47209 | 2026-06-13 01:03 | 2026-06-13 |