| 921 | 4.9 | MEDIUM | Network | - | - | A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-11790 | 2026-06-9 23:42 | 2026-06-9 |
| 922 | 3.3 | LOW | Network | - | - | A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-11792 | 2026-06-9 23:42 | 2026-06-9 |
| 923 | 4.9 | MEDIUM | Network | - | - | A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when… | New | CWE-121 Stack-based Buffer Overflow | CVE-2026-11793 | 2026-06-9 23:42 | 2026-06-9 |
| 924 | 9.6 | CRITICAL | Network | google | chrome | Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Update | CWE-416 Use After Free | CVE-2026-11165 | 2026-06-9 23:24 | 2026-06-5 |
| 925 | 9.8 | CRITICAL | Network | - | - | A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the head… | New | CWE-170 Improper Null Termination; CWE-787 Out-of-bounds Write | CVE-2026-5067 | 2026-06-9 23:16 | 2026-06-9 |
| 926 | - | | | - | - | In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end o… | New | - | CVE-2026-52907 | 2026-06-9 23:16 | 2026-06-9 |
| 927 | - | | | - | - | In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_app… | New | - | CVE-2026-52906 | 2026-06-9 23:16 | 2026-06-9 |
| 928 | - | | | - | - | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_reg… | New | - | CVE-2026-52905 | 2026-06-9 23:16 | 2026-06-9 |
| 929 | - | | | - | - | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, … | New | - | CVE-2026-52904 | 2026-06-9 23:16 | 2026-06-9 |
| 930 | 5.3 | MEDIUM | Network | - | - | The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads a… | New | CWE-862 Missing Authorization | CVE-2026-4986 | 2026-06-9 23:16 | 2026-06-9 |