|
211
|
4.7 |
MEDIUM
Local
|
-
|
-
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of t…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-45614
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
7.8 |
HIGH
Local
|
-
|
-
|
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into th…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41859
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
8.2 |
HIGH
Local
|
-
|
-
|
PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = File.join(release_dir, 'packages', "#{name}.tgz") and name = package_meta['name'] comes directly from release.MF inside the uplo…
New
|
CWE-78
OS Command
|
CVE-2026-41011
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
7.5 |
HIGH
Network
|
-
|
-
|
Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a s…
New
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-41858
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
8.8 |
HIGH
Local
|
-
|
-
|
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-co…
New
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-41860
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
8.2 |
HIGH
Local
|
-
|
-
|
ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(@release_dir, 'jobs', "#{name}.tgz") where name returns @job_meta['name'], a value taken verbatim from…
New
|
CWE-78
OS Command
|
CVE-2026-41010
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A lo…
New
|
CWE-78
OS Command
|
CVE-2026-10805
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
9.6 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-10840
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
7.2 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being rest…
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-10843
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
9.6 |
CRITICAL
Adjacent
|
-
|
-
|
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting un…
New
|
CWE-77
Command Injection
|
CVE-2026-8037
|
2026-06-5 00:35 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
