|
651
|
8.1 |
HIGH
Network
|
openstack
|
ironic
|
OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-48681
|
2026-06-5 03:40 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
652
|
5.9 |
MEDIUM
Local
|
libexpat_project
|
libexpat
|
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation.…
New
|
CWE-416
Use After Free
|
CVE-2026-50219
|
2026-06-5 03:39 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
653
|
7.5 |
HIGH
Network
|
solarwinds
|
web_help_desk
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory.
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-28299
|
2026-06-5 03:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
654
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-52606
|
2026-06-5 03:38 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
655
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path…
New
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2025-52608
|
2026-06-5 03:38 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
656
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
New
|
CWE-843
Type Confusion
|
CVE-2026-10702
|
2026-06-5 03:38 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
657
|
5.3 |
MEDIUM
Network
|
openquantumsafe
|
liboqs
|
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT …
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-46344
|
2026-06-5 03:38 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
658
|
5.3 |
MEDIUM
Network
|
openquantumsafe
|
liboqs
|
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT …
Update
|
CWE-20
CWE-125
Improper Input Validation
Out-of-bounds Read
|
CVE-2026-44518
|
2026-06-5 03:36 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
659
|
5.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-52609
|
2026-06-5 03:34 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
660
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Spec…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-52611
|
2026-06-5 03:34 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
