|
3651
|
3.7 |
LOW
Network
|
-
|
-
|
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.1…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-48011
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3652
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST me…
|
CWE-287
Improper Authentication
|
CVE-2026-46705
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3653
|
7.5 |
HIGH
Network
|
-
|
-
|
libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j…
|
CWE-20
CWE-400
CWE-401
Improper Input Validation
Uncontrolled Resource Consumption
Missing Release of Memory after Effective Lifetime
|
CVE-2026-46679
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3654
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-46673
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3655
|
3.6 |
LOW
Local
|
-
|
-
|
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…
|
CWE-22
CWE-193
Path Traversal
Off-by-one Error
|
CVE-2026-45380
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3656
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) …
|
CWE-89
SQL Injection
|
CVE-2026-38581
|
2026-06-12 01:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3657
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server.
This issue affects Rotaban: from V2026.06.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11839
|
2026-06-12 01:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3658
|
9.6 |
CRITICAL
Adjacent
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42904
|
2026-06-12 01:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3659
|
7.8 |
HIGH
Local
|
microsoft
|
windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
|
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-42905
|
2026-06-12 01:14 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3660
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
|
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
|
CWE-200
Information Exposure
|
CVE-2026-42906
|
2026-06-12 01:13 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
