|
3271
|
- |
|
-
|
-
|
QTS, QuTS hero, QuTScloud are not affected.
We have already fixed the vulnerability in the following version:
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2025-59382
|
2026-06-12 11:16 |
2026-06-10 |
|
3272
|
7.5 |
HIGH
Network
|
nlnetlabs
|
routinator
|
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-49235
|
2026-06-12 10:37 |
2026-06-9 |
|
3273
|
7.5 |
HIGH
Network
|
nlnetlabs
|
routinator
|
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name …
|
CWE-22
Path Traversal
|
CVE-2026-49233
|
2026-06-12 10:33 |
2026-06-9 |
|
3274
|
7.5 |
HIGH
Network
|
nlnetlabs
|
routinator
|
When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes.
This only affects users who allow API access from untrusted n…
|
CWE-20 NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-49234
|
2026-06-12 10:28 |
2026-06-9 |
|
3275
|
6.5 |
MEDIUM
Network
|
nsa
|
ghidra
|
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation…
|
CWE-22
Path Traversal
|
CVE-2026-52756
|
2026-06-12 10:18 |
2026-06-10 |
|
3276
|
4.4 |
MEDIUM
Local
|
nsa
|
ghidra
|
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafti…
|
CWE-416
Use After Free
|
CVE-2026-52757
|
2026-06-12 10:10 |
2026-06-10 |
|
3277
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke…
|
CWE-601
Open Redirect
|
CVE-2026-53440
|
2026-06-12 10:03 |
2026-06-10 |
|
3278
|
5.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenki…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2026-53442
|
2026-06-12 09:59 |
2026-06-10 |
|
3279
|
7.2 |
HIGH
Network
|
apache
|
answer
|
Improper Restriction of Security Token Assignment vulnerability in Apache Answer.
This issue affects Apache Answer: through 2.0.0.
Previously issued administrative tokens were not invalidated after…
|
CWE-1259
Improper Restriction of Security Token Assignment
|
CVE-2026-25700
|
2026-06-12 09:50 |
2026-06-11 |
|
3280
|
8.3 |
HIGH
Network
|
plane
|
plane
|
Plane is an open-source project management tool. Prior to version 1.3.1, a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in …
|
CWE-639, CWE-862
Authorization Bypass Through User-Controlled Key; Missing Authorization
|
CVE-2026-46558
|
2026-06-12 09:49 |
2026-06-11 |
|