Total
357355 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41844 | 1 Vmware | 1 Spring Framework | 2026-06-11 | N/A | 4.2 MEDIUM |
| A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. | |||||
| CVE-2026-42903 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-11 | N/A | 6.5 MEDIUM |
| Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. | |||||
| CVE-2026-9648 | 2026-06-11 | N/A | N/A | ||
| The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope. | |||||
| CVE-2026-8406 | 2026-06-11 | N/A | N/A | ||
| openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value. | |||||
| CVE-2026-7870 | 2026-06-11 | N/A | 8.8 HIGH | ||
| IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
| CVE-2026-7787 | 2026-06-11 | N/A | 7.5 HIGH | ||
| IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. | |||||
| CVE-2026-53777 | 2026-06-11 | N/A | 8.1 HIGH | ||
| Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location. | |||||
| CVE-2026-50223 | 2026-06-11 | N/A | 8.8 HIGH | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the issue. | |||||
| CVE-2026-50131 | 2026-06-11 | N/A | 8.6 HIGH | ||
| Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting in version 0.11.2 and prior to versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 appears incomplete. The `validatePublicUrl()` protection relies on `isValidPublicIPv4Address()` to reject non-public IPv4 destinations. The function blocks common private and local ranges such as `10.0.0.0/8`, `127.0.0.0/8`, `169.254.0.0/16`, `172.16.0.0/12`, and `192.168.0.0/16`, but it still treats several special-use, reserved, multicast, benchmarking, and carrier-grade NAT IPv4 ranges as valid public destinations. Because this validation is used as an SSRF defense before outbound fetches, this appears to be an incomplete mitigation or bypass class for the previous SSRF issue. Versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 contain an updated patch. | |||||
| CVE-2026-4096 | 2026-06-11 | N/A | 6.5 MEDIUM | ||
| IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking | |||||
| CVE-2026-48011 | 2026-06-11 | N/A | 3.7 LOW | ||
| Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue. | |||||
| CVE-2026-46705 | 2026-06-11 | N/A | 5.3 MEDIUM | ||
| Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that such changes are invalid. The issue is that russh-owned authentication state, such as remaining methods, partial-success state, and in-progress method state, can remain associated with the connection and then influence a later request for a different (user, service). This is an internal library state mismatch. This issue has been patched in version 0.61.0. | |||||
| CVE-2026-46679 | 2026-06-11 | N/A | 7.5 HIGH | ||
| libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23. | |||||
| CVE-2026-46673 | 2026-06-11 | N/A | 7.5 HIGH | ||
| Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. This issue has been patched in version 0.60.3. | |||||
| CVE-2026-46669 | 2026-06-11 | N/A | N/A | ||
| OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. This issue has been patched in version 1.6.0. | |||||
| CVE-2026-45380 | 2026-06-11 | N/A | 3.6 LOW | ||
| bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform, creates a symlink escaping the intended output directory. Subsequent archive entries extracted through this symlink write arbitrary files outside the extraction directory with the permissions of the extracting process. This issue has been patched in version 4.0.12. | |||||
| CVE-2026-3341 | 2026-06-11 | N/A | 5.4 MEDIUM | ||
| IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2026-38581 | 2026-06-11 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements. | |||||
| CVE-2026-11839 | 2026-06-11 | N/A | 9.9 CRITICAL | ||
| Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003. | |||||
| CVE-2024-45636 | 2026-06-11 | N/A | 4.1 MEDIUM | ||
| IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. | |||||