|
631
|
5.0 |
MEDIUM
Local
|
-
|
-
|
A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…
|
CWE-416
Use After Free
|
CVE-2025-60466
|
2026-06-27 15:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
6.1 |
MEDIUM
Local
|
-
|
-
|
A use-after-free in the gf_filter_pid_inst_swap function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted …
|
CWE-416
Use After Free
|
CVE-2025-60465
|
2026-06-27 15:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
7.2 |
HIGH
Network
|
-
|
-
|
A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration…
|
CWE-863
Incorrect Authorization
|
CVE-2026-9640
|
2026-06-27 14:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
7.8 |
HIGH
Local
|
freebsd
|
freebsd
|
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by se…
|
CWE-123
Write-what-where Condition
|
CVE-2026-45257
|
2026-06-27 14:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted…
|
CWE-416
Use After Free
|
CVE-2026-13283
|
2026-06-27 14:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chr…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-13281
|
2026-06-27 14:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
9.6 |
CRITICAL
Network
|
-
|
-
|
A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker mess…
|
CWE-862
Missing Authorization
|
CVE-2026-11807
|
2026-06-27 14:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
7.5 |
HIGH
Network
|
-
|
-
|
Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that v…
|
CWE-200
CWE-668
Information Exposure
Exposure of Resource to Wrong Sphere
|
CVE-2026-57231
|
2026-06-27 13:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
7.1 |
HIGH
Local
|
rtklib
|
rtklib
|
RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-56788
|
2026-06-27 13:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
8.8 |
HIGH
Network
|
-
|
-
|
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and mod…
|
CWE-862
Missing Authorization
|
CVE-2026-56773
|
2026-06-27 13:17 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
