|
311
|
7.5 |
HIGH
Network
|
-
|
-
|
A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin…
New
|
CWE-416
Use After Free
|
CVE-2025-60467
|
2026-06-27 15:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
5.0 |
MEDIUM
Local
|
-
|
-
|
A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…
New
|
CWE-416
Use After Free
|
CVE-2025-60466
|
2026-06-27 15:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …
New
|
CWE-416
Use After Free
|
CVE-2025-60465
|
2026-06-27 15:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
7.2 |
HIGH
Network
|
-
|
-
|
A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-9640
|
2026-06-27 14:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requ…
New
|
CWE-306
CWE-78
Missing Authentication for Critical Function
OS Command
|
CVE-2026-49980
|
2026-06-27 14:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
7.8 |
HIGH
Local
|
freebsd
|
freebsd
|
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by se…
New
|
CWE-123
Write-what-where Condition
|
CVE-2026-45257
|
2026-06-27 14:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
7.2 |
HIGH
Network
|
-
|
-
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php,…
New
|
CWE-89
SQL Injection
|
CVE-2026-40083
|
2026-06-27 14:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to i…
New
|
CWE-89
SQL Injection
|
CVE-2026-13331
|
2026-06-27 14:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted…
New
|
CWE-416
Use After Free
|
CVE-2026-13283
|
2026-06-27 14:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chr…
New
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-13281
|
2026-06-27 14:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
