Total
4145 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-46614 | 2026-06-10 | N/A | 9.8 CRITICAL | ||
| Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/<name> and /fission-function/<ns>/<name> — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers (svc/router, port 8888), so any caller who could reach the router could invoke any function by guessing its metadata.name (and namespace), bypassing the host / path / method / method-allow-list restrictions encoded in HTTPTrigger objects. This issue has been patched in version 1.23.0. | |||||
| CVE-2026-49822 | 2026-06-10 | N/A | 7.7 HIGH | ||
| Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace. This issue has been patched in version 1.24.0. | |||||
| CVE-2026-49823 | 2026-06-10 | N/A | 7.7 HIGH | ||
| Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. This issue has been patched in version 1.24.0. | |||||
| CVE-2026-41837 | 2026-06-10 | N/A | 5.3 MEDIUM | ||
| Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | |||||
| CVE-2026-41728 | 2026-06-10 | N/A | 7.5 HIGH | ||
| Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | |||||
| CVE-2026-1933 | 2 Redhat, Samba | 3 Enterprise Linux, Openshift Container Platform, Samba | 2026-06-10 | N/A | 7.1 HIGH |
| A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types. | |||||
| CVE-2026-48578 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-10 | N/A | 7.9 HIGH |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2026-36720 | 2026-06-09 | N/A | 8.1 HIGH | ||
| Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. | |||||
| CVE-2026-39169 | 2026-06-09 | N/A | 7.5 HIGH | ||
| SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. | |||||
| CVE-2026-45649 | 2026-06-09 | N/A | 7.1 HIGH | ||
| Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. | |||||
| CVE-2026-11274 | 2 Apple, Google | 2 Iphone Os, Chrome | 2026-06-09 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-11277 | 2 Apple, Google | 2 Iphone Os, Chrome | 2026-06-09 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2026-45746 | 1 Termix | 1 Termix | 2026-06-09 | N/A | 9.0 CRITICAL |
| Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend trusts a client-controlled identifier without verifying that it belongs to the authenticated user. This allows an attacker to manipulate the value and access active File Manager sessions belonging to other users. Since these sessions are tied to SSH connections to remote VPS instances, exploitation allows unauthorized interaction with another user's remote filesystem. Because the File Manager exposes functionality such as file reading, writing, uploading, and execution, this vulnerability enables direct command execution on another user's VPS (RCE). Version 2.3.2 patches the issue. | |||||
| CVE-2026-41985 | 2026-06-09 | N/A | 5.1 MEDIUM | ||
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2026-41984 | 2026-06-09 | N/A | 5.2 MEDIUM | ||
| UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2026-11621 | 2026-06-09 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-11190 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-09 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2026-11193 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-09 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-11532 | 2026-06-09 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-36180 | 2026-06-08 | N/A | 4.6 MEDIUM | ||
| A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. | |||||