|
4651
|
8.0 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45644
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4652
|
7.5 |
HIGH
Network
|
-
|
-
|
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-45639
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4653
|
7.5 |
HIGH
Network
|
-
|
-
|
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45591
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4654
|
7.5 |
HIGH
Network
|
-
|
-
|
Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network.
|
CWE-94
Code Injection
|
CVE-2026-45583
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4655
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45500
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4656
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
|
CWE-59
Link Following
|
CVE-2026-45491
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4657
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
|
CWE-285
Improper Authorization
|
CVE-2026-45490
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4658
|
4.6 |
MEDIUM
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45483
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4659
|
8.4 |
HIGH
Local
|
-
|
-
|
Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
|
CWE-22
Path Traversal
|
CVE-2026-45482
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4660
|
8.2 |
HIGH
Local
|
-
|
-
|
Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally.
|
CWE-416
Use After Free
|
CVE-2026-45476
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4661
|
7.8 |
HIGH
Local
|
-
|
-
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-45475
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4662
|
8.4 |
HIGH
Local
|
-
|
-
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-416
Use After Free
|
CVE-2026-45474
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4663
|
8.4 |
HIGH
Local
|
-
|
-
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-416
Use After Free
|
CVE-2026-45472
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4664
|
7.8 |
HIGH
Local
|
-
|
-
|
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
|
CWE-822
Untrusted Pointer Dereference
|
CVE-2026-45471
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4665
|
3.3 |
LOW
Local
|
-
|
-
|
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-45466
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4666
|
8.4 |
HIGH
Local
|
-
|
-
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-121 CWE-191
Stack-based Buffer Overflow Integer Underflow (Wrap or Wraparound)
|
CVE-2026-45463
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4667
|
8.4 |
HIGH
Local
|
-
|
-
|
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
|
CWE-416
Use After Free
|
CVE-2026-45461
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4668
|
4.7 |
MEDIUM
Local
|
-
|
-
|
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
|
CWE-126
Buffer Over-read
|
CVE-2026-45460
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4669
|
3.3 |
LOW
Local
|
-
|
-
|
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-45455
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4670
|
7.8 |
HIGH
Local
|
-
|
-
|
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
|
CWE-197 CWE-416
Numeric Truncation Error Use After Free
|
CVE-2026-44823
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4671
|
7.8 |
HIGH
Local
|
-
|
-
|
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-44812
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4672
|
7.8 |
HIGH
Local
|
-
|
-
|
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-44803
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4673
|
7.5 |
HIGH
Network
|
-
|
-
|
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
|
CWE-362 CWE-416
Race Condition Use After Free
|
CVE-2026-42913
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4674
|
7.5 |
HIGH
Network
|
-
|
-
|
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42908
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4675
|
8.4 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-41098
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4676
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-40371
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4677
|
8.8 |
HIGH
Local
|
-
|
-
|
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
|
CWE-22
Path Traversal
|
CVE-2026-32193
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4678
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.
|
CWE-601
Open Redirect
|
CVE-2026-28301
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4679
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-26142
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4680
|
7.3 |
HIGH
Local
|
-
|
-
|
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-24181
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4681
|
7.3 |
HIGH
Local
|
-
|
-
|
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-24180
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4682
|
8.1 |
HIGH
Network
|
-
|
-
|
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the clien…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-24065
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4683
|
7.8 |
HIGH
Local
|
-
|
-
|
Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.
|
CWE-22
Path Traversal
|
CVE-2026-22926
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4684
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the com…
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-11531
|
2026-06-10 02:17 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4685
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least p…
|
CWE-266 CWE-272
Incorrect Privilege Assignment Least Privilege Violation
|
CVE-2026-11494
|
2026-06-10 02:17 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4686
|
- |
-
|
-
|
-
|
Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destinat…
|
CWE-22 CWE-306
Path Traversal Missing Authentication for Critical Function
|
CVE-2026-11429
|
2026-06-10 02:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4687
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stac…
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow
|
CVE-2026-11413
|
2026-06-10 02:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4688
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file …
|
CWE-266 CWE-285
Incorrect Privilege Assignment Improper Authorization
|
CVE-2026-11336
|
2026-06-10 02:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4689
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C,…
|
CWE-362
Race Condition
|
CVE-2025-10263
|
2026-06-10 02:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4690
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page.…
|
CWE-416
Use After Free
|
CVE-2026-11632
|
2026-06-10 01:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4691
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11633
|
2026-06-10 01:57 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4692
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…
|
CWE-416
Use After Free
|
CVE-2026-11634
|
2026-06-10 01:56 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4693
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
|
CWE-416
Use After Free
|
CVE-2026-11635
|
2026-06-10 01:56 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4694
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption …
|
CWE-416
Use After Free
|
CVE-2026-11636
|
2026-06-10 01:50 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4695
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11637
|
2026-06-10 01:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4696
|
8.8 |
HIGH
Network
|
samlify_project
|
samlify
|
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:Attribut…
|
CWE-91
Blind XPath Injection
|
CVE-2026-46490
|
2026-06-10 01:48 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4697
|
7.1 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the …
|
CWE-863
Incorrect Authorization
|
CVE-2026-48507
|
2026-06-10 01:41 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4698
|
9.8 |
CRITICAL
Network
|
apache
|
http_server
|
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to…
|
CWE-416
Use After Free
|
CVE-2026-29167
|
2026-06-10 01:29 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4699
|
6.1 |
MEDIUM
Network
|
apache
|
http_server
|
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers…
|
CWE-79
Cross-site Scripting
|
CVE-2026-29170
|
2026-06-10 01:21 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4700
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.
Users are recommended to upgrade to version 2.4.68, which fixes this issue.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34355
|
2026-06-10 01:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|