|
211
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-3870
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-3871
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
- |
|
-
|
-
|
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-10549
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
8.8 |
HIGH
Network
|
-
|
-
|
microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a cra…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43623
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
8.2 |
HIGH
Network
|
-
|
-
|
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli…
New
|
CWE-22
Path Traversal
|
CVE-2026-43624
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
5.9 |
MEDIUM
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-43625
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
7.1 |
HIGH
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora…
New
|
CWE-377
Insecure Temporary File
|
CVE-2026-49134
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
7.1 |
HIGH
Local
|
-
|
-
|
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl…
New
|
CWE-59
CWE-377
Link Following
Insecure Temporary File
|
CVE-2026-49135
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49138
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
- |
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49139
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
