|
281
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-53435
|
2026-06-11 22:26 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), a…
New
|
CWE-601
Open Redirect
|
CVE-2026-53436
|
2026-06-11 22:24 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, a…
New
|
CWE-601
Open Redirect
|
CVE-2026-53437
|
2026-06-11 22:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have…
New
|
CWE-862
Missing Authorization
|
CVE-2026-53438
|
2026-06-11 22:21 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names …
New
|
CWE-862
Missing Authorization
|
CVE-2026-53439
|
2026-06-11 22:06 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_sampler
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34709
|
2026-06-11 22:05 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287
|
7.8 |
HIGH
Local
|
-
|
-
|
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. …
New
|
CWE-94
CWE-915
CWE-1188
Code Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Insecure Default Initialization of Resource
|
CVE-2026-46517
|
2026-06-11 21:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288
|
- |
|
-
|
-
|
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-9213
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289
|
- |
|
-
|
-
|
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks im…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-0420
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290
|
- |
|
-
|
-
|
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intende…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-0416
|
2026-06-11 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
