|
1081
|
- |
|
-
|
-
|
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-11535
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1082
|
- |
|
-
|
-
|
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-12058
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1083
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are re…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-10557
|
2026-06-13 01:06 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1084
|
8.1 |
HIGH
Network
|
-
|
-
|
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subsc…
|
CWE-862
Missing Authorization
|
CVE-2026-7368
|
2026-06-13 01:06 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1085
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAut…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41005
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1086
|
8.8 |
HIGH
Network
|
-
|
-
|
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-11933
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1087
|
- |
|
-
|
-
|
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attrib…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-20746
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1088
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48914
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1089
|
- |
|
-
|
-
|
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remedia…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-9266
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1090
|
8.7 |
HIGH
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-47135
|
2026-06-13 01:03 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
