Total
361953 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-9504 | | | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue. | |||||
| CVE-2026-9503 | | | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised. | |||||
| CVE-2026-9502 | | | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2026-9501 | | | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue. | |||||
| CVE-2026-9500 | | | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-9498 | | | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-9497 | | | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-9495 | | | 2026-06-17 | N/A | 7.3 HIGH |
| Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silently dropped from the execution chain when the router prefix contains path parameters. Depending on what the skipped middleware was supposed to protect, an attacker could bypass authentication and authorization, evade rate limiting or bypass input sanitization. | |||||
| CVE-2026-9493 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details. | |||||
| CVE-2026-9490 | 1 Acer | 1 Care Center | 2026-06-17 | N/A | 5.5 MEDIUM |
| A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service to crash with exit code 1067 (ERROR_PROCESS_ABORTED). To mitigate this potential local service disruption, Acer requires users to update the software to the latest version. | |||||
| CVE-2026-9489 | | | 2026-06-17 | N/A | N/A |
| NitroSense 3.x before 3.01.3052 contains a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges. | |||||
| CVE-2026-9486 | | | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-9485 | | | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2026-9484 | | | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom_id can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-9483 | | | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-9482 | | | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-9481 | | | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Edimax EW-7438RPn 1.31. This affects the function formStats of the file /goform/formStats. This manipulation of the argument submit-url causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-9480 | | | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted element is the function formrefresh of the file /goform/formrefresh. The manipulation of the argument submit-url results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-9479 | | | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The affected element is the function formLogout of the file /goform/formLogout. The manipulation of the argument submit-url leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-9478 | | | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to OS command injection. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. | |||||
