|
2061
|
6.1 |
MEDIUM
Physics
|
dell
|
thinos
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerabilit…
|
CWE-284
Improper Access Control
|
CVE-2026-40713
|
2026-06-5 02:37 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2062
|
7.8 |
HIGH
Local
|
dell
|
thinos
|
Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, le…
|
CWE-284
Improper Access Control
|
CVE-2026-40715
|
2026-06-5 02:29 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2063
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-10701
|
2026-06-5 02:25 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2064
|
5.3 |
MEDIUM
Network
|
-
|
-
|
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid baggage headers and log …
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-41178
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2065
|
7.1 |
HIGH
Physics
|
-
|
-
|
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active toke…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-36176
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2066
|
6.8 |
MEDIUM
Physics
|
-
|
-
|
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted str…
|
CWE-20
CWE-288
Improper Input Validation
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-36175
|
2026-06-5 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2067
|
9.1 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8644
|
2026-06-5 01:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2068
|
9.0 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-9319
|
2026-06-5 01:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2069
|
9.0 |
CRITICAL
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
|
CWE-94
Code Injection
|
CVE-2026-9311
|
2026-06-5 01:53 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2070
|
8.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-9330
|
2026-06-5 01:52 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
