|
1
|
8.2 |
HIGH
Network
|
-
|
-
|
driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated atta…
New
|
CWE-125
CWE-191
Out-of-bounds Read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-54413
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
8.2 |
HIGH
Network
|
-
|
-
|
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_response() function in src/mqtt.c that allows a remote unauthenticate…
New
|
CWE-125
CWE-191
Out-of-bounds Read
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-54412
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or net…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-54411
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
8.6 |
HIGH
Network
|
-
|
-
|
nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-control…
New
|
CWE-193
CWE-787
Off-by-one Error
Out-of-bounds Write
|
CVE-2026-54410
|
2026-06-15 03:17 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.
The default algorithm is HMAC-SHA1, which should only be used for legacy systems.
These versi…
New
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-9641
|
2026-06-15 00:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
- |
|
-
|
-
|
Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle.
Config::IniFiles::_make_filehandle open…
New
|
CWE-73
CWE-78
External Control of File Name or Path
OS Command
|
CVE-2026-11527
|
2026-06-14 21:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
- |
|
-
|
-
|
GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle.
GD::Image::_make_filehandle opens a filename argument wit…
New
|
CWE-73
CWE-78
External Control of File Name or Path
OS Command
|
CVE-2026-11526
|
2026-06-14 21:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
- |
|
-
|
-
|
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use …
New
|
-
|
CVE-2025-15546
|
2026-06-14 17:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
7.8 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
media: rockchip: rkcif: fix off by one bugs
Change these comparisons from > vs >= to avoid accessing one element
beyond the end o…
Update
|
-
|
CVE-2026-52907
|
2026-06-14 15:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
7.7 |
HIGH
Local
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
9p: fix access mode flags being ORed instead of replaced
Since commit 1f3e4142c0eb ("9p: convert to the new mount API"),
v9fs_app…
Update
|
-
|
CVE-2026-52906
|
2026-06-14 15:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
