|
541
|
- |
|
-
|
-
|
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to th…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2026-10549
|
2026-06-2 23:45 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
8.8 |
HIGH
Network
|
-
|
-
|
microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a cra…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43623
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
8.2 |
HIGH
Network
|
-
|
-
|
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-suppli…
New
|
CWE-22
Path Traversal
|
CVE-2026-43624
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
5.9 |
MEDIUM
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp a…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-43625
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
7.1 |
HIGH
Network
|
-
|
-
|
CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in tempora…
New
|
CWE-377
Insecure Temporary File
|
CVE-2026-49134
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
7.1 |
HIGH
Local
|
-
|
-
|
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictabl…
New
|
CWE-59
CWE-377
Link Following
Insecure Temporary File
|
CVE-2026-49135
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web_fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL th…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49138
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
- |
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by su…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49139
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Nanobot prior to version 0.2.1 contains a denial of service vulnerability in the Matrix channel media download handler that allows authenticated room members to exhaust process memory and bandwidth b…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-49140
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers ca…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2018-25427
|
2026-06-2 23:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
