|
701
|
6.8 |
MEDIUM
Physics
|
-
|
-
|
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted str…
New
|
CWE-20
CWE-288
Improper Input Validation
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-36175
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
9.1 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8644
|
2026-06-5 01:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
9.0 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-9319
|
2026-06-5 01:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
9.0 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
Update
|
CWE-94
Code Injection
|
CVE-2026-9311
|
2026-06-5 01:53 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
8.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remo…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-9330
|
2026-06-5 01:52 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
5.5 |
MEDIUM
Local
|
pypa
|
pip
|
pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed out…
Update
|
CWE-22
Path Traversal
|
CVE-2026-8643
|
2026-06-5 01:52 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
6.8 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticate…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45810
|
2026-06-5 01:51 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
7.1 |
HIGH
Network
|
nextcloud
|
tables
|
Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the …
Update
|
CWE-89
SQL Injection
|
CVE-2026-45722
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
5.9 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie (created after successful …
Update
|
CWE-287
Improper Authentication
|
CVE-2026-45691
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
5.9 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authentication bypass vulnerability allowed atta…
Update
|
CWE-287
Improper Authentication
|
CVE-2026-45690
|
2026-06-5 01:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
