|
1
|
8.1 |
HIGH
Network
|
apache
|
cxf
|
A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untru…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-50632
|
2026-06-13 03:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
8.1 |
HIGH
Network
|
apache
|
cxf
|
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.x…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-50633
|
2026-06-13 03:53 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
7.8 |
HIGH
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
acrobat
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current u…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-47952
|
2026-06-13 03:50 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
6.5 |
MEDIUM
Network
|
apache
|
cxf
|
A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-50634
|
2026-06-13 03:49 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
7.8 |
HIGH
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
acrobat
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…
New
|
CWE-416
Use After Free
|
CVE-2026-47955
|
2026-06-13 03:49 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
7.8 |
HIGH
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
acrobat
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…
New
|
CWE-416
Use After Free
|
CVE-2026-47915
|
2026-06-13 03:48 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
4.3 |
MEDIUM
Network
|
redhat
|
directory_server
389_directory_server
enterprise_linux
|
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated user…
Update
|
CWE-843
Type Confusion
|
CVE-2026-11785
|
2026-06-13 03:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
6.5 |
MEDIUM
Network
|
redhat
|
directory_server
389_directory_server
enterprise_linux
|
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-11786
|
2026-06-13 03:40 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
6.3 |
MEDIUM
Network
|
redhat
|
directory_server
389_directory_server
enterprise_linux
|
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that …
Update
|
CWE-126
Buffer Over-read
|
CVE-2026-11787
|
2026-06-13 03:38 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
7.5 |
HIGH
Network
|
redhat
|
directory_server
389_directory_server
enterprise_linux
|
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the L…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-11788
|
2026-06-13 03:30 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
