|
3781
|
- |
|
-
|
-
|
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-priv…
|
CWE-22
Path Traversal
|
CVE-2026-45171
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3782
|
- |
|
-
|
-
|
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially exe…
|
CWE-78
OS Command
|
CVE-2026-45172
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3783
|
- |
|
-
|
-
|
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated …
|
CWE-346
Origin Validation Error
|
CVE-2026-45173
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3784
|
- |
|
-
|
-
|
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-45174
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3785
|
- |
|
-
|
-
|
Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-45170
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3786
|
- |
|
-
|
-
|
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenari…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45169
|
2026-06-13 00:30 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3787
|
5.3 |
MEDIUM
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used fo…
|
CWE-26
Path Traversal: '/dir/../filename'
|
CVE-2026-46747
|
2026-06-13 00:28 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3788
|
7.8 |
HIGH
Local
|
adobe
|
format_plugins
|
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48292
|
2026-06-13 00:19 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3789
|
7.4 |
HIGH
Network
|
-
|
-
|
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTok…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-50631
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3790
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-50630
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|