|
1301
|
8.4 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2026-41098
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1302
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
|
CWE-280
Improper privilege management
|
CVE-2026-40371
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1303
|
8.8 |
HIGH
Local
|
-
|
-
|
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally.
|
CWE-22
Path traversal
|
CVE-2026-32193
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1304
|
4.8 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.
|
CWE-601
Open redirect
|
CVE-2026-28301
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1305
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network.
|
CWE-502
Deserialization of untrusted data
|
CVE-2026-26142
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1306
|
7.3 |
HIGH
Local
|
-
|
-
|
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering…
|
CWE-129
Improper validation of array index
|
CVE-2026-24181
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1307
|
7.3 |
HIGH
Local
|
-
|
-
|
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering…
|
CWE-122
Heap overflow
|
CVE-2026-24180
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1308
|
8.1 |
HIGH
Network
|
-
|
-
|
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the clien…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) race condition
|
CVE-2026-24065
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1309
|
7.8 |
HIGH
Local
|
-
|
-
|
Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability.
|
CWE-22
Path traversal
|
CVE-2026-22926
|
2026-06-10 02:17 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1310
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the com…
|
CWE-74 CWE-89
Injection, SQL injection
|
CVE-2026-11531
|
2026-06-10 02:17 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1311
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least p…
|
CWE-266 CWE-272
Improper privilege assignment, Least privilege violation
|
CVE-2026-11494
|
2026-06-10 02:17 |
2026-06-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1312
|
- |
-
|
-
|
-
|
Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destinat…
|
CWE-22 CWE-306
Path traversal, Missing authentication for critical function (Explanation)
|
CVE-2026-11429
|
2026-06-10 02:17 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1313
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stac…
|
CWE-119 CWE-121
Buffer errors, Stack overflow
|
CVE-2026-11413
|
2026-06-10 02:17 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1314
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file …
|
CWE-266 CWE-285
Improper privilege assignment, Improper authorization
|
CVE-2026-11336
|
2026-06-10 02:17 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1315
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C,…
|
CWE-362
Race condition
|
CVE-2025-10263
|
2026-06-10 02:16 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1316
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page.…
|
CWE-416
Use after free
|
CVE-2026-11632
|
2026-06-10 01:58 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1317
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)
|
CWE-416
Use after free
|
CVE-2026-11633
|
2026-06-10 01:57 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1318
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…
|
CWE-416
Use after free
|
CVE-2026-11634
|
2026-06-10 01:56 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1319
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
|
CWE-416
Use after free
|
CVE-2026-11635
|
2026-06-10 01:56 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1320
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption …
|
CWE-416
Use after free
|
CVE-2026-11636
|
2026-06-10 01:50 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1321
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use after free
|
CVE-2026-11637
|
2026-06-10 01:49 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1322
|
8.8 |
HIGH
Network
|
samlify_project
|
samlify
|
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:Attribut…
|
CWE-91
Blind XPath injection
|
CVE-2026-46490
|
2026-06-10 01:48 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1323
|
7.1 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the …
|
CWE-863
Incorrect authentication
|
CVE-2026-48507
|
2026-06-10 01:41 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1324
|
9.8 |
CRITICAL
Network
|
apache
|
http_server
|
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to…
|
CWE-416
Use after free
|
CVE-2026-29167
|
2026-06-10 01:29 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1325
|
6.1 |
MEDIUM
Network
|
apache
|
http_server
|
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2026-29170
|
2026-06-10 01:21 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1326
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.
Users are recommended to upgrade to version 2.4.68, which fixes this issue.
|
CWE-122
Heap overflow
|
CVE-2026-34355
|
2026-06-10 01:20 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1327
|
8.8 |
HIGH
Network
|
dlink
|
dwr-m920_firmware
|
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in …
|
CWE-74 CWE-77
Injection, Command injection
|
CVE-2026-11339
|
2026-06-10 01:17 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1328
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie*
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are…
|
CWE-122
Heap overflow
|
CVE-2026-34356
|
2026-06-10 01:17 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1329
|
8.8 |
HIGH
Network
|
dlink
|
dir-823g_firmware
|
A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in…
|
CWE-266 CWE-272
Improper privilege assignment, Least privilege violation
|
CVE-2026-11492
|
2026-06-10 01:17 |
2026-06-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1330
|
7.5 |
HIGH
Network
|
dlink
|
dgs-1100-08pd_firmware
|
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least …
|
CWE-266 CWE-272
Improper privilege assignment, Least privilege violation
|
CVE-2026-11555
|
2026-06-10 01:16 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1331
|
8.8 |
HIGH
Network
|
dlink
|
dcs-5615_firmware
|
A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipul…
|
CWE-266 CWE-272
Improper privilege assignment, Least privilege violation
|
CVE-2026-11497
|
2026-06-10 01:16 |
2026-06-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1332
|
- |
-
|
-
|
-
|
CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user…
|
CWE-611
Improper restriction of XML external entity reference
|
CVE-2026-8045
|
2026-06-10 01:16 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1333
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection.
This issue affects CBS Pla…
|
CWE-89
SQL injection
|
CVE-2026-8025
|
2026-06-10 01:16 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1334
|
5.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.
|
CWE-770
Allocation of resources without limits or throttling
|
CVE-2026-50589
|
2026-06-10 01:16 |
2026-06-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1335
|
8.1 |
HIGH
Network
|
-
|
-
|
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider…
|
CWE-862
Missing authentication
|
CVE-2026-49948
|
2026-06-10 01:16 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1336
|
- |
-
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2026-46396
|
2026-06-10 01:16 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1337
|
- |
-
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti…
|
CWE-639
Authentication bypass through user-controlled key
|
CVE-2026-46390
|
2026-06-10 01:16 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1338
|
6.5 |
MEDIUM
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea…
|
CWE-20
Improper input validation
|
CVE-2026-46357
|
2026-06-10 01:16 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1339
|
9.0 |
CRITICAL
Network
|
termix
|
termix
|
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Brok…
|
CWE-284 CWE-639
Improper access control, Authentication bypass through user-controlled key
|
CVE-2026-45746
|
2026-06-10 01:16 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1340
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
CWE-20
Improper input validation
|
CVE-2026-36501
|
2026-06-10 01:16 |
2026-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1341
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Lega…
|
CWE-266 CWE-285
Improper privilege assignment, Improper authorization
|
CVE-2026-11619
|
2026-06-10 01:16 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1342
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInt…
|
CWE-287
Improper authentication
|
CVE-2026-11618
|
2026-06-10 01:16 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1343
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupNam…
|
CWE-119 CWE-120
Buffer errors, Classic buffer overflow
|
CVE-2026-11517
|
2026-06-10 01:16 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1344
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipul…
|
CWE-285 CWE-639
Improper authorization, Authentication bypass through user-controlled key
|
CVE-2026-11461
|
2026-06-10 01:16 |
2026-06-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1345
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipu…
|
CWE-74 CWE-77
Injection, Command injection
|
CVE-2026-11449
|
2026-06-10 01:16 |
2026-06-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1346
|
7.2 |
HIGH
Network
|
-
|
-
|
An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root
|
CWE-78
OS command injection
|
CVE-2026-10727
|
2026-06-10 01:16 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1347
|
9.9 |
CRITICAL
Network
|
-
|
-
|
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts…
|
CWE-288
Authentication bypass using an alternate path or channel
|
CVE-2026-10523
|
2026-06-10 01:16 |
2026-06-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1348
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks.
Catalyst::Plugin::Authentication does not automatically change the session id after aut…
|
CWE-384
Session fixation
|
CVE-2009-10007
|
2026-06-10 01:16 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1349
|
9.1 |
CRITICAL
Network
|
apache
|
http_server
|
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.
User…
|
CWE-668
Exposure of resource to wrong sphere
|
CVE-2026-42535
|
2026-06-10 01:00 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1350
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are re…
|
CWE-122
Heap overflow
|
CVE-2026-42536
|
2026-06-10 00:55 |
2026-06-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|