|
681
|
7.4 |
HIGH
Network
|
-
|
-
|
A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTok…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-50631
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage…
|
CWE-113
HTTP Response Splitting
|
CVE-2026-50630
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
- |
|
-
|
-
|
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user me…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-47173
|
2026-06-13 00:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
5.0 |
MEDIUM
Network
|
-
|
-
|
An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2)…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-11850
|
2026-06-13 00:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
7.8 |
HIGH
Local
|
adobe
|
format_plugins
|
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48291
|
2026-06-13 00:15 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
9.8 |
CRITICAL
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all us…
|
CWE-760
Use of a One-Way Hash with a Predictable Salt
|
CVE-2026-46749
|
2026-06-13 00:15 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
10.0 |
CRITICAL
Network
|
adobe
|
campaign
|
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current…
|
CWE-863
Incorrect Authorization
|
CVE-2026-48303
|
2026-06-13 00:02 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
5.5 |
MEDIUM
Local
|
adobe
|
acrobat
acrobat_reader
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this v…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-47961
|
2026-06-12 23:43 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
7.8 |
HIGH
Local
|
adobe
|
acrobat
acrobat_reader
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-47959
|
2026-06-12 23:41 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
- |
|
-
|
-
|
Rejected reason: Reserved but no longer needed.
|
-
|
CVE-2026-54102
|
2026-06-12 23:16 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
