| 271 | 7.8 | HIGH | Local | - | - | In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution… | New | CWE-693 Protection Mechanism Failure | CVE-2025-48649 | 2026-06-2 23:16 | 2026-06-2 |
| 272 | - | | | - | - | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attack… | New | CWE-77 Command Injection | CVE-2024-52011 | 2026-06-2 23:04 | 2026-06-2 |
| 273 | - | | | - | - | CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path componen… | New | CWE-22 Path Traversal | CVE-2026-45727 | 2026-06-2 23:04 | 2026-06-2 |
| 274 | 5.7 | MEDIUM | Physics | - | - | Under infinite recursion in the routing layer, request handling can cause an OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16; Spring Cloud Functio… | New | CWE-674 Uncontrolled Recursion | CVE-2026-40989 | 2026-06-2 23:01 | 2026-06-2 |
| 275 | 5.7 | MEDIUM | Physics | - | - | An OOM error is possible while attempting to add an infinite number of functions to the Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16; Spring C… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-40990 | 2026-06-2 23:01 | 2026-06-2 |
| 276 | 8.1 | HIGH | Network | - | - | Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the … | New | CWE-88 Argument Injection | CVE-2026-41013 | 2026-06-2 23:01 | 2026-06-2 |
| 277 | 7.8 | HIGH | Local | - | - | A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulner… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-43958 | 2026-06-2 23:01 | 2026-06-2 |
| 278 | 7.5 | HIGH | Network | - | - | Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and pl… | New | CWE-287 Improper Authentication | CVE-2026-40964 | 2026-06-2 23:01 | 2026-06-2 |
| 279 | 10.0 | CRITICAL | Network | - | - | Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed thr… | New | CWE-200 Information Exposure | CVE-2026-40965 | 2026-06-2 23:01 | 2026-06-2 |
| 280 | 8.8 | HIGH | Local | - | - | The Route OpenShift resource allows defining routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were… | New | CWE-15 External Control of System or Configuration Setting | CVE-2026-1784 | 2026-06-2 23:01 | 2026-06-2 |