|
621
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges …
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48914
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
622
|
- |
|
-
|
-
|
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remedia…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-9266
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
623
|
8.7 |
HIGH
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-47135
|
2026-06-13 01:03 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
10.0 |
CRITICAL
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination nesting: t…
New
|
CWE-913
Improper Control of Dynamically-Managed Code Resources
|
CVE-2026-47137
|
2026-06-13 01:03 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
8.6 |
HIGH
Network
|
-
|
-
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target o…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-47209
|
2026-06-13 01:03 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
626
|
8.0 |
HIGH
Network
|
microsoft
|
sharepoint_server
|
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Update
|
CWE-285
Improper Authorization
|
CVE-2026-47298
|
2026-06-13 01:00 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
627
|
8.8 |
HIGH
Network
|
-
|
-
|
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operat…
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-12059
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim …
New
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-12060
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended director…
New
|
CWE-22
Path Traversal
|
CVE-2026-11844
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
7.2 |
HIGH
Network
|
-
|
-
|
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute …
New
|
CWE-78
OS Command
|
CVE-2026-11845
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
