|
11
|
6.5 |
MEDIUM
Network
|
redhat
|
directory_server
389_directory_server
enterprise_linux
|
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a…
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-11789
|
2026-06-13 03:30 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
4.9 |
MEDIUM
Network
|
redhat
|
directory_server
389_directory_server
enterprise_linux
|
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-11790
|
2026-06-13 03:21 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations.
The default algorithm is HMAC-SHA1, which should only be used for legacy systems.
These versi…
New
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-9641
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
7.5 |
HIGH
Network
|
-
|
-
|
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
New
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-9638
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
7.6 |
HIGH
Network
|
-
|
-
|
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email ad…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-53981
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
7.8 |
HIGH
Local
|
-
|
-
|
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via loca…
New
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-53406
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
10.0 |
CRITICAL
Network
|
-
|
-
|
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity toke…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-48558
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
8.0 |
HIGH
Network
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high…
New
|
CWE-78
OS Command
|
CVE-2026-48165
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
8.0 |
HIGH
Network
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during…
New
|
CWE-78
OS Command
|
CVE-2026-48163
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
7.8 |
HIGH
Local
|
-
|
-
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. E…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-47965
|
2026-06-13 03:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
