|
181
|
8.6 |
HIGH
Local
|
-
|
-
|
When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded, resulting in arb…
New
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-12057
|
2026-06-15 21:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
7.8 |
HIGH
Local
|
-
|
-
|
Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-50100
|
2026-06-15 19:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If a…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-44188
|
2026-06-15 19:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
- |
|
-
|
-
|
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject mal…
New
|
CWE-94
CWE-502
Code Injection
Deserialization of Untrusted Data
|
CVE-2026-11860
|
2026-06-15 19:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
185
|
5.5 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web Fa…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-12223
|
2026-06-15 15:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
186
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function mod_webd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipu…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-12222
|
2026-06-15 15:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
187
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulatio…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-12221
|
2026-06-15 15:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
188
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Uplo…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-12220
|
2026-06-15 15:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
189
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagnosis/start of the component Web FastCGI Service. Thi…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-12219
|
2026-06-15 15:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. T…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-12218
|
2026-06-15 15:16 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
