|
4261
|
9.6 |
CRITICAL
Network
|
ivanti
|
xtraction
|
External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to …
|
CWE-73
External Control of File Name or Path
|
CVE-2026-8043
|
2026-05-14 05:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4262
|
5.0 |
MEDIUM
Local
|
-
|
-
|
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41051
|
2026-05-14 05:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4263
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34684
|
2026-05-14 05:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4264
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34683
|
2026-05-14 05:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4265
|
5.9 |
MEDIUM
Network
|
vercel
|
next.js
|
Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fe…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44577
|
2026-05-14 05:00 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4266
|
5.5 |
MEDIUM
Local
|
pengutronix
|
barebox
|
barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-34962
|
2026-05-14 04:58 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4267
|
7.7 |
HIGH
Local
|
pengutronix
|
barebox
|
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34961
|
2026-05-14 04:57 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4268
|
7.8 |
HIGH
Local
|
pengutronix
|
barebox
|
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithm…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-34963
|
2026-05-14 04:44 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4269
|
7.8 |
HIGH
Local
|
adobe
|
after_effects
|
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-34690
|
2026-05-14 04:42 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4270
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_designer
|
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34682
|
2026-05-14 04:40 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
