{"cves":[{"cve_id":"CVE-2026-49982","summary":"tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value (Array, Buffer, or any object) whose includes('..') returns falsy but whose stringification still contains ../. The value flows through Array.prototype.join/String coercion inside _generateTmpName and path.join(tmpDir, opts.dir, name), producing a final path that escapes tmpdir and creates a file or directory at an attacker-controlled location with the host process's privileges. This affects any application that forwards untrusted request data (a common pattern is JSON body fields or qs-parsed bracket-array query strings such as ?prefix[]=...) into tmp.file, tmp.fileSync, tmp.dir, tmp.dirSync, tmp.tmpName, or tmp.tmpNameSync without explicit type coercion. This vulnerability is fixed in 0.2.7.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/raszi/node-tmp/security/advisories/GHSA-7c78-jf6q-g5cm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:35","euvd":null},{"cve_id":"CVE-2026-44490","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process (e.g. lodash _.merge / CVE-2018-16487), axios silently picks up the polluted values. (1) lib/utils.js line 406 builds merge()'s accumulator as result = {}, so result[targetKey] (line 414) walks Object.prototype and the polluted bucket's own keys are copied into the merged headers and ride out on the wire. 
(2) lib/core/mergeConfig.js line 26 builds the hasOwnProperty descriptor as a plain-object literal. Object.defineProperty reads descriptor.get/descriptor.set via the prototype chain, so a polluted Object.prototype.get or Object.prototype.set makes the call throw TypeError synchronously on every axios request. This vulnerability is fixed in 0.32.0 and 1.16.0.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-898c-q2cr-xwhg"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:33","euvd":null},{"cve_id":"CVE-2026-44492","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form (::ffff:7f00:1, ::ffff:a9fe:a9fe) still routes through the configured proxy. Node.js resolves these addresses to the underlying IPv4 host, so the request reaches the internal service via the proxy rather than being blocked. This vulnerability is fixed in 0.32.0 and 1.16.0.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:33","euvd":null},{"cve_id":"CVE-2026-44494","summary":"Axios is a promise based HTTP client for the browser and Node.js. 
From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack — intercepting, reading, and modifying all HTTP traffic including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker's proxy server. This vulnerability is fixed in 1.16.0.","cvss":8.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.7,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:33","euvd":null},{"cve_id":"CVE-2026-44495","summary":"Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse, affected Axios versions may treat that inherited value as request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request. 
This vulnerability is fixed in 0.31.1 and 1.15.2.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:33","euvd":null},{"cve_id":"CVE-2026-44496","summary":"Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause expensive regex backtracking while axios reads document.cookie. The practical impact is client-side availability degradation, such as freezing the affected browser tab while axios prepares a request. The issue does not affect ordinary Node.js HTTP adapter usage, React Native, or web workers, where axios does not read document.cookie. This vulnerability is fixed in 0.32.0 and 1.16.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:33","euvd":null},{"cve_id":"CVE-2026-44705","summary":"tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. 
By embedding traversal sequences (e.g., ../) or path separators in these parameters, attackers can cause files to be created outside the configured temporary base directory at attacker-controlled locations with the privileges of the running process. This vulnerability affects applications that pass user-controlled data to tmp's file/directory creation functions without proper input sanitization. This vulnerability is fixed in 0.2.6.","cvss":7.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.7,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/raszi/node-tmp/security/advisories/GHSA-ph9p-34f9-6g65"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:33","euvd":null},{"cve_id":"CVE-2026-44486","summary":"Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axios then follows a redirect and the redirected request is no longer sent through that proxy, the stale Proxy-Authorization header can remain on the redirected request and be sent to the redirect target. This affects Node.js's use of Axios with automatic redirects enabled and an authenticated proxy configuration. Browser adapters are not affected. This vulnerability is fixed in 0.32.0 and 1.16.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:32","euvd":null},{"cve_id":"CVE-2026-44487","summary":"Axios is a promise based HTTP client for the browser and Node.js. 
Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is sent through an authenticated HTTP proxy, redirects are followed, and the redirected URL is no longer proxied. Under affected redirect shapes, the final origin can receive the proxy credential that was intended only for the outbound proxy. This vulnerability is fixed in 0.32.0 and 1.16.0.","cvss":8.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.2,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:32","euvd":null},{"cve_id":"CVE-2026-44488","summary":"Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolved to the fetch adapter, could receive or send bodies larger than maxContentLength or maxBodyLength despite those limits being explicitly configured. This can cause resource exhaustion in server-side usage when a malicious or compromised server returns an oversized response, when an attacker can supply a large data: URL, or when an application forwards attacker-controlled request bodies through axios while relying on maxBodyLength as a boundary. 
This vulnerability is fixed in 0.32.0 and 1.16.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:32","euvd":null},{"cve_id":"CVE-2026-44489","summary":"Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Object.prototype in their chain. The setProxy() function at lib/adapters/http.js:209-223 reads proxy.username, proxy.password, and proxy.auth without hasOwnProperty checks. When Object.prototype.username is polluted, setProxy() constructs a Proxy-Authorization header with attacker-controlled credentials and injects it into every proxied HTTP request. This vulnerability is fixed in 1.16.0.","cvss":3.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.7,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/axios/axios/security/advisories/GHSA-654m-c8p4-x5fp"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:32","euvd":null},{"cve_id":"CVE-2026-11945","summary":"PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. 
The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/643"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T17:16:31","euvd":null},{"cve_id":"CVE-2026-7787","summary":"IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7275453"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:25","euvd":null},{"cve_id":"CVE-2026-7870","summary":"IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7275756"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:25","euvd":null},{"cve_id":"CVE-2026-9648","summary":"The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. 
This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/haskell/security-advisories/pull/332","https://github.com/kazu-yamamoto/crypton-certificate/pull/30","https://github.com/kazu-yamamoto/crypton-certificate/pull/30/changes/f4b77edf6ead77f4a886da40e41eab20f0180e39","https://hackage.haskell.org/package/crypton-x509-validation-1.9.1/revisions/","https://www.kb.cert.org/vuls/id/862559"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:25","euvd":null},{"cve_id":"CVE-2026-4096","summary":"IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7275005"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:24","euvd":null},{"cve_id":"CVE-2026-53777","summary":"Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. 
Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":8.6,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/PerryTS/perry/commit/95e1043df8081f67038bffce847dd9ddb3dae046","https://github.com/PerryTS/perry/pull/4989","https://github.com/PerryTS/perry/releases/tag/v0.5.1159","https://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68ch","https://www.vulncheck.com/advisories/perry-path-traversal-via-artifactready-websocket","https://github.com/PerryTS/perry/security/advisories/GHSA-x55v-q459-68ch"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:24","euvd":null},{"cve_id":"CVE-2026-11839","summary":"Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server.\n\nThis issue affects Rotaban: from V2026.06.002 before V2026.06.003.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0367"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:22","euvd":null},{"cve_id":"CVE-2026-3341","summary":"IBM Langflow Desktop 1.0.0 through 1.9.2 is vulnerable to server-side request forgery (SSRF). 
This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7275444"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:22","euvd":null},{"cve_id":"CVE-2024-45636","summary":"IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ibm.com/support/pages/node/7274828"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T16:16:21","euvd":null},{"cve_id":"CVE-2026-6338","summary":"A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.","cvss":4.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.9,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.konghq.com/support/s/article/CVE-2026-6338"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:32","euvd":null},{"cve_id":"CVE-2026-8406","summary":"openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. 
Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.1,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://fluidattacks.com/es/advisories/melanie","https://github.com/OS4ED/openSIS-Classic","https://github.com/OS4ED/openSIS-Classic/commit/c45d43146167324bae06bdf09de3e4bd2e5e478f","https://fluidattacks.com/es/advisories/melanie"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:32","euvd":null},{"cve_id":"CVE-2026-53661","summary":"Boruta is a standalone authorization server that aims to implement OAuth 2.0 and Openid Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could reach the same Boruta origin over plaintext HTTP, browsers could send these cookies over an unencrypted connection. An attacker able to observe or intercept that network traffic could recover a valid session or remember-me cookie and reuse it to impersonate the affected user. Affected components include boruta_web, boruta_identity, and boruta_admin. The affected cookies include the shared session cookie, defaulting to _boruta_web_key, and the identity remember-me cookie, defaulting to `_boruta_identity_web_user_remember_me`. The issue is fixed in commit 18691c655164635066aa113003a3cd87f6ed11cd, released as part of version 0.9.1. The patch sets `secure: true` and `same_site: \"Lax\"` on configured session cookies for boruta_web, boruta_identity, and boruta_admin, and sets `secure: true` on the identity remember-me cookie. 
Until upgrading to a release containing the fix: terminate or reject plaintext HTTP before requests reach Boruta; enforce HTTPS-only access at the reverse proxy or load balancer; enable HSTS for Boruta domains; if cookie exposure is suspected, rotate SECRET_KEY_BASE and BORUTA_SESSION_COOKIE_SIGNING_SALT, then require users to authenticate again. Upgrade to a version containing commit 18691c655164635066aa113003a3cd87f6ed11cd, or apply the patch manually. After deploying the fix, verify that Boruta session and remember-me cookies include the Secure attribute in browser developer tools or with an HTTP response inspection tool.","cvss":8.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.8,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/malach-it/boruta-server/commit/18691c655164635066aa113003a3cd87f6ed11cd","https://github.com/malach-it/boruta-server/security/advisories/GHSA-jqgm-pfg6-cr8r","https://github.com/malach-it/boruta_auth/security/advisories/GHSA-7355-8c95-25pv"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:31","euvd":null},{"cve_id":"CVE-2026-53723","summary":"Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy-to-use model structures. Versions prior to 1.5.4 do not safely serialize scalar XML element values containing the CDATA terminator `]]>`. The XML request serializer writes values containing `<`, `>`, or `&` with `XMLWriter::writeCData($value)`. If attacker-controlled input contains `]]>`, the CDATA section closes early and the remainder is interpreted as XML markup. This is an outgoing request-body integrity issue, not a response parsing issue. The attacker does not need to control the service description or schema. 
Users are affected when all of the following are true: the application uses `guzzlehttp/guzzle-services` to serialize outgoing requests; a request parameter or `additionalParameters` schema uses `location: xml`; the value is serialized as XML element text, not an XML attribute; the value can contain attacker-controlled, user-controlled, tenant-controlled, or otherwise untrusted input; the value is not constrained by a safe `enum`, `pattern`, or custom filter that excludes `]]>`; and the downstream service parses the generated XML structurally and may act on unexpected, duplicated, or injected elements. Applications that serialize untrusted input into `location: xml` request parameters can emit XML containing attacker-controlled elements outside the intended text node. Depending on the receiving service, this can alter operation semantics, smuggle privileged fields, bypass modeled parameter boundaries, or create conflicting duplicated elements. Fixed service descriptions are sufficient if they contain an XML element parameter populated from attacker-controlled input. Users are not directly affected if they only use Guzzle Services to deserialize HTTP response bodies. Response XML parsing uses the response XML location visitor and does not invoke the vulnerable request XML serializer. Response bodies matter only in a second-order flow, such as parsing attacker-controlled response XML, storing or forwarding a parsed string value, and later using it as a `location: xml` request parameter. The issue is patched in `1.5.3` and later by safely splitting embedded CDATA terminators before serialization. The fix preserves the original scalar value as XML text and prevents injected nodes. As a workaround, constrain attacker-controlled XML element values with a strict `enum`, `pattern`, or custom filter that excludes `]]>`, or avoid serializing untrusted data into `location: xml` element text until patched. 
Where appropriate for the service schema, XML attributes are not affected because they are written with XMLWriter attribute APIs rather than CDATA sections. To determine whether action is needed, search service descriptions for request parameters using `location: xml`, including operation `parameters` and `additionalParameters`. Response-only `models` are not directly affected unless parsed values are reused for request serialization. For object and array parameters, review nested scalar properties because leaf element values can still be affected.","cvss":5.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.8,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/guzzle/guzzle-services/security/advisories/GHSA-q8r6-5hfw-5jff"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:31","euvd":null},{"cve_id":"CVE-2026-38581","summary":"SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/damasac/thaipalliative_lte/blob/57b57630fb403eba524533062ef5244e9b7c4380/substudy/ezform.php#L14","https://github.com/theemperorspath/advisories/blob/main/2026/CVE-2026-38581.md","https://github.com/theemperorspath/advisories/blob/main/2026/CVE-2026-38581.md"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:27","euvd":null},{"cve_id":"CVE-2026-10847","summary":"A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. 
An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitation could allow an attacker to gain elevated privileges on the affected Windows endpoint.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.checkpoint.com/results/sk/sk185052"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:26","euvd":null},{"cve_id":"CVE-2026-11816","summary":"Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in `keras/src/utils/file_utils.py`. The functions `filter_safe_tarinfos()` and `filter_safe_zipinfos()` validate archive member paths against the process current working directory (CWD) instead of the actual extraction destination. When the process runs with CWD set to `/`, which is common in Docker containers, CI/CD runners, and Jupyter environments, the validation boundary becomes the filesystem root, allowing traversal paths to bypass the security check. Additionally, the zip filter contains a bug that causes an `AttributeError` when a blocked entry is encountered, leading to incomplete extraction. Furthermore, Python 3.11 installations lack the `filter=\"data\"` safety net, leaving them entirely reliant on the flawed CWD-based filter. 
Exploitation of this vulnerability can result in arbitrary file writes outside the intended extraction directory, enabling attackers to overwrite configuration files, inject malicious code, or corrupt machine learning datasets and pipelines.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/keras-team/keras/commit/2465b6657b02c8eed308759b7e800e295ae01888","https://huntr.com/bounties/a07e3983-7158-4419-af2b-38f1dea01a4f","https://huntr.com/bounties/a07e3983-7158-4419-af2b-38f1dea01a4f"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T14:16:26","euvd":null},{"cve_id":"CVE-2026-7852","summary":"Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion.\n\nThis issue affects LimRAD NAC: before 5.5.7.3.9.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0366"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T13:16:37","euvd":null},{"cve_id":"CVE-2026-48998","summary":"guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing URI authority delimiters, such as `trusted.example@evil.example`. When the Host value is used to construct a URI, the malformed value can be reinterpreted as URI userinfo and host. This can cause the PSR-7 request URI host to differ from the original Host header value. 
Applications are affected if they parse attacker-controlled raw HTTP requests with `GuzzleHttp\\Psr7\\Message::parseRequest()` or the legacy 1.x `GuzzleHttp\\Psr7\\parse_request()` function, or if they build server requests from attacker-controlled server variables, then rely on the resulting URI host for routing, allow-list checks, or forwarding decisions. In affected forwarding or gateway scenarios, this may cause requests or credentials to be sent to an unintended host. The issue is patched in `2.10.2`. `1.x` is end-of-life and will not receive a patch. Some workarounds are available. Validate the `Host` header as `uri-host [ \":\" port ]` before calling `Message::parseRequest()` or legacy `parse_request()` on untrusted HTTP request data, or before deriving routing and forwarding decisions from a parsed request URI. Reject Host values containing userinfo, path, query, or fragment delimiters.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/guzzle/psr7/security/advisories/GHSA-34xg-wgjx-8xph"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T13:16:33","euvd":null},{"cve_id":"CVE-2026-49214","summary":"guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. A vulnerable flow is: First, an application accepts a user-controlled URL. Second, the URL is used to construct a PSR-7 `Uri` or `Request`. Third, the host component contains CRLF or another header-unsafe character. Fourth, the host is copied into the PSR-7 `Host` header when no explicit `Host` header is provided. Finally, the request is serialized or sent by an HTTP client that does not independently reject the malformed host. 
In that flow, an attacker can cause the serialized request to contain additional attacker-controlled header lines. For example, a host containing `\"\\r\\nX-Injected: yes\"` can cause the generated `Host` header to span multiple HTTP header lines. Applications are affected when they use user-controlled URLs for outbound HTTP requests, URL forwarding, proxying, crawling, webhook delivery, or similar request-dispatch flows. In deployments involving HTTP/1.1 connection reuse, proxies, gateways, or load balancers, this malformed request may also contribute to request smuggling or cache poisoning, depending on how downstream components parse the request. The issue is patched in `2.10.2` and later. `1.x` is end-of-life and will not receive a patch. As a workaround, validate and reject all untrusted URI strings before constructing PSR-7 `Uri` or `Request` instances. Reject input containing ASCII control characters, whitespace, or DEL, including CRLF, tab, space, NUL, or DEL characters. Applications that forward requests should also ensure the final HTTP client or serializer rejects invalid URI and header data before writing requests to the network.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/guzzle/psr7/security/advisories/GHSA-hq7v-mx3g-29hw"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T13:16:33","euvd":null},{"cve_id":"CVE-2026-11561","summary":"Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. 
Apinizer allows Code Injection.\n\nThis issue affects Apinizer: from 2026.04.0 before 2026.04.6.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0365"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T13:16:32","euvd":null},{"cve_id":"CVE-2026-11956","summary":"A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label \"not planned\".","cvss":6.3,"cvss_version":4.0,"cvss_v2":2.6,"cvss_v3":3.7,"cvss_v4":6.3,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/TwiN/gatus/","https://github.com/TwiN/gatus/issues/1689","https://vuldb.com/cve/CVE-2026-11956","https://vuldb.com/submit/836328","https://vuldb.com/vuln/370343","https://vuldb.com/vuln/370343/cti","https://github.com/TwiN/gatus/issues/1689","https://vuldb.com/submit/836328"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T13:16:32","euvd":null},{"cve_id":"CVE-2026-9694","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply due to improper neutralization in email template 
processing.","cvss":2.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":2.6,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/601330","https://hackerone.com/reports/3685720"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:33","euvd":null},{"cve_id":"CVE-2026-6269","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect authorization enforcements.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/596625","https://hackerone.com/reports/3661880"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-6277","summary":"GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even when the relevant feature was in a disabled state, due to incorrect authorization 
enforcement.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/596656","https://hackerone.com/reports/3662615"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-6552","summary":"GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper authorization in the Group SAML identity management functionality.","cvss":8.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01168,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/597295","https://hackerone.com/reports/3655189"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-6976","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request diff views due to improper input handling of file 
names.","cvss":3.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.7,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/598165","https://hackerone.com/reports/3638136"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-7250","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial of service due to improper input validation in the API request parsing middleware.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.13349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/598311","https://hackerone.com/reports/3671995"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-8464","summary":"Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. 
This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths.\nThis issue has been fixed in version 11.6.0","cvss":8.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.3,"epss":0.00025,"ranking_epss":0.0737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert.pl/posts/2026/06/CVE-2026-8464","https://www.neuron.com.pl/mes-help/mes-download.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-8589","summary":"GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper sanitization of user-supplied input in certain group setting fields.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/600099","https://hackerone.com/reports/3722842"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-9204","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal network resources during repository import, due to insufficient validation of secondary 
URLs.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/592677"],"vendor":"gitlab","product":"gitlab","version":null,"published_time":"2026-06-11T12:16:32","euvd":null},{"cve_id":"CVE-2026-1500","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to cause denial of service due to uncontrolled resource consumption when processing a specially crafted file upload.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/587825","https://hackerone.com/reports/3517331"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:31","euvd":null},{"cve_id":"CVE-2026-3553","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization 
checks.","cvss":3.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.1,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/592295","https://hackerone.com/reports/3578216"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:31","euvd":null},{"cve_id":"CVE-2026-4764","summary":"A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import.\n\n\nThis vulnerability was patched on 15 March 2026, and no customer action is needed.","cvss":9.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":9.4,"epss":0.00038,"ranking_epss":0.11868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://docs.cloud.google.com/dialogflow/docs/release-notes#May_07_2026"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:31","euvd":null},{"cve_id":"CVE-2026-53423","summary":"Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membrane_mp4_plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion.\n\nThe MP4 box header parser converts each 4-byte box name to an atom using String.to_atom/1 without validation. 'Elixir.Membrane.MP4.Container.Header':parse_box_name/1 in lib/membrane_mp4/container/header.ex interns every box name encountered while 'Elixir.Membrane.MP4.Container.Header':parse/1 walks the input. BEAM atoms are never garbage-collected, so each unique attacker-controlled 4-byte name is a permanent allocation. 
A crafted MP4 of approximately 8 MB containing roughly 1.1 million boxes with distinct non-standard names exhausts the atom table (default ceiling around 1,048,576 atoms), aborting the entire BEAM node and taking down all applications running on it.\n\nThis issue affects membrane_mp4_plugin from 0.3.0 before 0.36.7.","cvss":5.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.9,"epss":0.00014,"ranking_epss":0.02568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-53423.html","https://github.com/membraneframework/membrane_mp4_plugin/commit/56373d1ddc86968e55fbde795c14eeba24357b57","https://github.com/membraneframework/membrane_mp4_plugin/security/advisories/GHSA-43hj-fxwj-49qw","https://osv.dev/vulnerability/EEF-CVE-2026-53423","https://github.com/membraneframework/membrane_mp4_plugin/security/advisories/GHSA-43hj-fxwj-49qw"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:31","euvd":null},{"cve_id":"CVE-2026-53912","summary":"Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, and CSV outputs, and could also be written unredacted into audit log entries for the inbox message.\n\nAn authenticated user with sufficient privileges to access inbox entries or related audit logs could retrieve password hashes associated with pending self-registration requests. 
Although the exposed value is a password hash rather than a plaintext password, disclosure of password hashes may enable offline password-cracking attempts and could increase risk where users reuse passwords across systems.\n\nCerebrate 1.37 fixes the issue by redacting sensitive password and authkey fields from inbox display/API output and recursively redacting those fields from JSON values written to audit logs, while leaving the stored registration payload intact for account creation processing.\n\n\n\nAffected component: Inbox self-registration request handling and audit logging\n\nFixed version: Cerebrate 1.37","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.00039,"ranking_epss":0.11899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cerebrate-project/cerebrate/commit/02da6d708d610c8509a1aab3f58f53f0a91d8a04."],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:31","euvd":null},{"cve_id":"CVE-2026-10087","summary":"GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary client-side code on behalf of a targeted user due to improper input sanitization in the Analytics Dashboard.","cvss":8.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.7,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03592,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/601633","https://hackerone.com/reports/3759090"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:30","euvd":null},{"cve_id":"CVE-2026-10733","summary":"GitLab has remediated an issue in GitLab CE/EE affecting all versions from 
17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03621,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://about.gitlab.com/releases/2026/06/10/patch-release-gitlab-19-0-2-released/","https://gitlab.com/gitlab-org/gitlab/-/work_items/600446"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:30","euvd":null},{"cve_id":"CVE-2022-47150","summary":"Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery.\n\nThis issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01635,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/woocommerce-conversion-tracking/vulnerability/wordpress-woocommerce-conversion-tracking-plugin-2-0-10-csrf-broken-access-control?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:29","euvd":null},{"cve_id":"CVE-2023-25969","summary":"Missing Authorization vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Contact Form & Lead Form Elementor Builder: from n/a through 
1.8.4.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/lead-form-builder/vulnerability/wordpress-contact-form-lead-form-elementor-builder-plugin-1-8-4-cross-site-request-forgery-csrf?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:29","euvd":null},{"cve_id":"CVE-2023-32959","summary":"Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects MetroStore: from n/a through 1.3.2.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/theme/metrostore/vulnerability/wordpress-metrostore-theme-1-3-2-broken-access-control?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:29","euvd":null},{"cve_id":"CVE-2022-45813","summary":"Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.06097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/woocommerce-ajax-filters/vulnerability/wordpress-advanced-ajax-product-filters-plugin-1-6-3-3-broken-access-control-csrf?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T12:16:28","euvd":null},{"cve_id":"CVE-2025-7064","summary":"Authentication bypass by primary weakness vulnerability in ABB 
Freelance.\n\nThis issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.","cvss":5.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.6,"cvss_v4":5.6,"epss":0.00017,"ranking_epss":0.04206,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://search.abb.com/library/Download.aspx?DocumentID=7PAA020361&LanguageCode=en&DocumentPartId=&Action=Launch"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T10:16:21","euvd":null},{"cve_id":"CVE-2026-11850","summary":"An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is then truncated to uint16_t, yielding 0xFFFE (65534) or 0xFFFF (65535). The subsequent malloc succeeds and memcpy reads up to 65534 bytes from a 0-1 byte buffer, resulting in a heap out-of-bounds read.\nThe attack vector involves a malicious or compromised LDAP KDB backend returning a krbExtraData attribute with bv_len < 2, triggering the underflow when the KDC or kadmind reads principal data.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10734,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-11850","https://bugzilla.redhat.com/show_bug.cgi?id=2459970"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T10:16:21","euvd":null},{"cve_id":"CVE-2026-53911","summary":"Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. 
In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit request containing the id of another record, causing the save operation to update that unrelated record instead of the record identified by the route parameter. The issue affected several entity types inheriting permissive mass-assignment defaults, including User, Role, UserSetting, LocalTool, PermissionLimitation, and EnumerationCollection. Since UserSettings edit functionality was reachable by any authenticated user, exploitation could allow unauthorized modification of records within the same entity type, with impact depending on the affected endpoint and writable fields. Cerebrate 1.37 fixes this by stripping id from request input after marshalling callbacks and by globally marking id as inaccessible in the base AppModel entity.\n\nThe discovery of these potential vulnerabilities is inherited from an initial finding by Jeroen Pinoy, with additional support from AI-Assisted Optus 4.8 (the commit wrongly assigns Claude Fable 5 as the model switched), and was coordinated by Andras Iklody.","cvss":6.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.3,"epss":0.00038,"ranking_epss":0.11868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cerebrate-project/cerebrate/commit/b3c8f951b0634f05691339512ef06cc261afecaf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T10:16:21","euvd":null},{"cve_id":"CVE-2026-5497","summary":"vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. 
An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.23122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/vllm-project/vllm/commit/58ee61422169ce17e08248f8efa1e9df434fe395","https://huntr.com/bounties/7bd92629-b396-4449-8f88-6c0092530eb4","https://huntr.com/bounties/7bd92629-b396-4449-8f88-6c0092530eb4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T10:16:21","euvd":null},{"cve_id":"CVE-2022-44630","summary":"Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery.\n\nThis issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/yith-woocommerce-product-slider-carousel/vulnerability/wordpress-yith-woocommerce-product-slider-carousel-plugin-1-16-0-cross-site-request-forgery-csrf?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T10:16:20","euvd":null},{"cve_id":"CVE-2022-42479","summary":"Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Soledad: from n/a through 
8.2.5.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.1779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/theme/soledad/vulnerability/wordpress-soledad-premium-theme-8-2-5-broken-access-control-vulnerability?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T10:16:19","euvd":null},{"cve_id":"CVE-2023-33999","summary":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS.\n\nThis issue affects WP Mail Log: from n/a through 1.0.2.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00209,"ranking_epss":0.4343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/wp-mail-log/vulnerability/wordpress-wp-mail-log-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T09:16:25","euvd":null},{"cve_id":"CVE-2023-40200","summary":"Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 
3.6.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/wp-logo-showcase-responsive-slider-slider/vulnerability/wordpress-wp-logo-showcase-responsive-slider-and-carousel-plugin-3-6-broken-access-control-vulnerability?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T09:16:25","euvd":null},{"cve_id":"CVE-2024-32110","summary":"Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery.\n\nThis issue affects WpEvently: from n/a through 4.1.2.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09778,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/mage-eventpress/vulnerability/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-4-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T09:16:25","euvd":null},{"cve_id":"CVE-2026-53901","summary":"Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). Because the normalized $input could still contain an id field, a user able to reach an affected add endpoint could supply an identifier that should have been server-controlled.\n\n\nSuccessful exploitation could allow creation of objects with attacker-chosen identifiers, potentially causing unauthorized data manipulation, object spoofing, inconsistent references, or disruption through identifier collisions, depending on the affected model and endpoint permissions. 
The issue was fixed in v1.37 by removing id from the normalized input before entity patching.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00087,"ranking_epss":0.25008,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cerebrate-project/cerebrate/commit/aff1ca707c8f926d00cda3deb39ff9bf59cdf18e"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T09:16:25","euvd":null},{"cve_id":"CVE-2026-41000","summary":"Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":3.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41000"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:28","euvd":null},{"cve_id":"CVE-2026-41001","summary":"Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. 
A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts.\n\nAffected versions:\nSpring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41001"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:28","euvd":null},{"cve_id":"CVE-2026-41699","summary":"Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes that can be leveraged during deserialization.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00343,"ranking_epss":0.57322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41699"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:28","euvd":null},{"cve_id":"CVE-2026-41700","summary":"Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. 
An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41700"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:28","euvd":null},{"cve_id":"CVE-2026-41856","summary":"The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41856"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:28","euvd":null},{"cve_id":"CVE-2026-40987","summary":"A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.\n\nAffected versions:\nSpring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 
5.5.20.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10442,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40987"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40992","summary":"Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected.\n\nAffected versions:\nSpring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40992"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40994","summary":"Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. 
Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level checks.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40994"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40995","summary":"X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or credentials-expired accounts).\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40995"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40996","summary":"Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. 
Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40996"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40997","summary":"Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote attackers in distinguishing valid accounts from invalid ones and inferring lifecycle state.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.13297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40997"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40998","summary":"Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. 
Applications that evaluate XPath against untrusted XML payloads could therefore be exposed to XML External Entity (XXE) style attacks.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.10968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40998"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-40999","summary":"When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09673,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40999"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:27","euvd":null},{"cve_id":"CVE-2026-10795","summary":"The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. 
This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://plugins.svn.wordpress.org/updraftplus/tags/1.26.4/vendor/team-updraft/common-libs/src/updraft-rpc/class-udrpc.php","https://plugins.svn.wordpress.org/updraftplus/tags/1.26.4/vendor/team-updraft/common-libs/src/updraft-rpc/class-udrpc2.php","https://plugins.trac.wordpress.org/changeset/3561938/updraftplus/trunk/vendor/team-updraft/common-libs/src/updraft-rpc/class-udrpc2.php","https://www.wordfence.com/threat-intel/vulnerabilities/id/e901c2a0-2477-4b9a-8483-6002419e0a2f?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:26","euvd":null},{"cve_id":"CVE-2026-40986","summary":"Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not \"text/html\", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker.\n\nAffected versions:\nSpring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40986"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T07:16:26","euvd":null},{"cve_id":"CVE-2026-40985","summary":"Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions.\n\nAffected versions:\nSpring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 
through 2.5.1.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40985"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T05:16:33","euvd":null},{"cve_id":"CVE-2026-35273","summary":"Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07467,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.oracle.com/security-alerts/alert-cve-2026-35273.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T04:16:53","euvd":null},{"cve_id":"CVE-2026-2827","summary":"The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.open-user-map.com/","https://www.wordfence.com/threat-intel/vulnerabilities/id/9963e0f8-600c-4b1f-935d-4ac1f967698f?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-11T02:16:42","euvd":{"id":"EUVD-2026-36198","description":"The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","published_time":"2026-06-11T01:27:56","cvss":4.7,"cvss_version":"3.1","epss":0.0,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/9963e0f8-600c-4b1f-935d-4ac1f967698f?source=cve","https://www.open-user-map.com/"],"products":["Open User Map PRO"],"vendors":["100plugins"]}},{"cve_id":"CVE-2026-52726","summary":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. 
A malicious `.gitmodules` plus a matching tree gitlink whose `path` is `.git/hooks` (or any other directory inside the parent repository's `.git` directory) causes the attacker's submodule tree contents to be written directly into the victim's `.git/hooks/` directory, preserving executable mode bits. The dropped executables are then run by any subsequent `git` or `dulwich` command that invokes the matching hook, resulting in arbitrary code execution. This is the dulwich equivalent of the upstream Git fixes for CVE-2024-32002 / CVE-2024-32004, which were never propagated into dulwich's separately implemented submodule porcelain. Version 1.2.5 patches the issue.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5","https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544","https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36195","description":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain.clone(..., recurse_submodules=True)`, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious `.gitmodules` plus a matching tree gitlink whose `path` is `.git/hooks` (or any other directory inside the parent repository's `.git` directory) causes the attacker's submodule tree contents to be written directly into the victim's `.git/hooks/` directory, preserving executable mode bits. 
The dropped executables are then run by any subsequent `git` or `dulwich` command that invokes the matching hook, resulting in arbitrary code execution. This is the dulwich equivalent of the upstream Git fixes for CVE-2024-32002 / CVE-2024-32004, which were never propagated into dulwich's separately implemented submodule porcelain. Version 1.2.5 patches the issue.","published_time":"2026-06-10T22:13:33","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"],"products":["dulwich"],"vendors":["jelmer"]}},{"cve_id":"CVE-2026-53460","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36187","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for maximum memory request in AcquireAlignedMemory could trigger an out-of-Memory condition. 
This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","published_time":"2026-06-10T22:02:22","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-53461","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36188","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","published_time":"2026-06-10T22:03:11","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g22q-f7gc-5jhr"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-53462","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. 
This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36189","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","published_time":"2026-06-10T22:04:53","cvss":5.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-px7q-ggqj-hcf2"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-53463","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.10224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36190","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-50 and 7.1.2-25, when passing incorrect arguments in the distort operation a null pointer deference will occur. This issue has been patched in versions 6.9.13-50 and 7.1.2-25.","published_time":"2026-06-10T22:05:58","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-53464","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36191","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.","published_time":"2026-06-10T22:07:06","cvss":4.0,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335"],"products":["ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-53465","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. 
This issue has been patched in version 7.1.2-25.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:50","euvd":{"id":"EUVD-2026-36192","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.","published_time":"2026-06-10T22:07:50","cvss":6.2,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5"],"products":["ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-48733","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:49","euvd":{"id":"EUVD-2026-36180","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. 
This issue has been patched in versions 6.9.13-49 and 7.1.2-24.","published_time":"2026-06-10T21:53:35","cvss":4.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-48734","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:49","euvd":{"id":"EUVD-2026-36182","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24.","published_time":"2026-06-10T21:55:59","cvss":5.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-48994","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-24.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:49","euvd":{"id":"EUVD-2026-36183","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.","published_time":"2026-06-10T21:58:14","cvss":5.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-49218","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:49","euvd":{"id":"EUVD-2026-36184","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.","published_time":"2026-06-10T21:59:04","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-49219","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:49","euvd":{"id":"EUVD-2026-36185","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-24.","published_time":"2026-06-10T22:00:26","cvss":5.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xcjm-wqff-m669"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-50223","summary":"Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution.\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0009,"ranking_epss":0.25564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread/trr2p4zokg54glqlhjnglt4yr7n8t5xd","http://www.openwall.com/lists/oss-security/2026/06/10/13"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:49","euvd":{"id":"EUVD-2026-36167","description":"Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution.\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.","published_time":"2026-06-10T22:23:49","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"apache","references":["https://lists.apache.org/thread/trr2p4zokg54glqlhjnglt4yr7n8t5xd"],"products":["Apache OFBiz"],"vendors":["Apache Software Foundation"]}},{"cve_id":"CVE-2026-47165","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02859,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36177","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:50:30","cvss":4.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-47166","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00011,"ranking_epss":0.01468,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36178","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:51:18","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-47213","summary":"Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, Boxlite sends a signal to kill the process. However, instead of using the uncatchable SIGKILL signal, Boxlite uses the catchable SIGALRM signal. Malicious code running inside the sandbox can exploit this vulnerability to continue running after the timeout is triggered, leading to resource exhaustion within the virtual machine and affecting the availability of the Boxlite service. 
This issue has been patched via commit 28159fc.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/boxlite-ai/boxlite/commit/28159fc5b6b6fd5037e18a58fc4644c882e3c581","https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-xjhv-pp2r-6f82","https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-xjhv-pp2r-6f82"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36197","description":"Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is triggered, Boxlite sends a signal to kill the process. However, instead of using the uncatchable SIGKILL signal, Boxlite uses the catchable SIGALRM signal. Malicious code running inside the sandbox can exploit this vulnerability to continue running after the timeout is triggered, leading to resource exhaustion within the virtual machine and affecting the availability of the Boxlite service. 
This issue has been patched via commit 28159fc.","published_time":"2026-06-10T22:20:04","cvss":6.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-xjhv-pp2r-6f82","https://github.com/boxlite-ai/boxlite/commit/28159fc5b6b6fd5037e18a58fc4644c882e3c581"],"products":["boxlite"],"vendors":["boxlite-ai"]}},{"cve_id":"CVE-2026-47342","summary":"A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges\n\n\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.","cvss":null,"cvss_version":null,"cvss_v2":null,"cvss_v3":null,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread/xqph4qjm163kmp0tcg9dodl6js499n75","http://www.openwall.com/lists/oss-security/2026/06/10/12"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36169","description":"A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges\n\n\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.","published_time":"2026-06-10T22:29:06","cvss":0.0,"cvss_version":null,"epss":0.0,"assigner":"apache","references":["https://lists.apache.org/thread/xqph4qjm163kmp0tcg9dodl6js499n75"],"products":["Apache OFBiz"],"vendors":["Apache Software Foundation"]}},{"cve_id":"CVE-2026-47712","summary":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. 
Prior to this fix, get_summary only replaced spaces with dashes - path separators (/, \\), parent-directory components (..), and other filename-hostile characters (e.g. :) were preserved verbatim and passed straight into os.path.join(outdir, f\"{i:04d}-{summary}.patch\"). A malicious commit subject could therefore direct the generated patch file outside the requested outdir. This is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. dulwich.patch.get_summary now mirrors git's format_sanitized_subject: only `[A-Za-z0-9._]` are kept, runs of other characters collapse to a single -, consecutive . collapse to a single ., trailing ./- are stripped, and the result is length-limited. This makes the returned string safe to embed as a filename component, so format_patch can no longer be steered out of outdir via the commit subject. Until upgrading, callers that pass untrusted commits to   porcelain.format_patch can use stdout=True and write the patch to a destination they control, rather than letting format_patch choose the filename; validate the chosen path before opening - e.g. compare os.path.realpath(returned_path) against  os.path.realpath(outdir) and reject any patch whose resolved path is not inside outdir; and/or pre-screen commits and refuse to format any whose subject's first line contains /, \\, .., or other characters that are not safe on the target filesystem.","cvss":3.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jelmer/dulwich/commit/c2446e51b","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5","https://github.com/jelmer/dulwich/security/advisories/GHSA-555p-6grf-mh7f"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36186","description":"Dulwich is a pure-Python implementation of the Git file formats and protocols. 
Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch filename from the commit's subject line. Prior to this fix, get_summary only replaced spaces with dashes - path separators (/, \\), parent-directory components (..), and other filename-hostile characters (e.g. :) were preserved verbatim and passed straight into os.path.join(outdir, f\"{i:04d}-{summary}.patch\"). A malicious commit subject could therefore direct the generated patch file outside the requested outdir. This is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. dulwich.patch.get_summary now mirrors git's format_sanitized_subject: only `[A-Za-z0-9._]` are kept, runs of other characters collapse to a single -, consecutive . collapse to a single ., trailing ./- are stripped, and the result is length-limited. This makes the returned string safe to embed as a filename component, so format_patch can no longer be steered out of outdir via the commit subject. Until upgrading, callers that pass untrusted commits to   porcelain.format_patch can use stdout=True and write the patch to a destination they control, rather than letting format_patch choose the filename; validate the chosen path before opening - e.g. 
compare os.path.realpath(returned_path) against  os.path.realpath(outdir) and reject any patch whose resolved path is not inside outdir; and/or pre-screen commits and refuse to format any whose subject's first line contains /, \\, .., or other characters that are not safe on the target filesystem.","published_time":"2026-06-10T22:01:49","cvss":3.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/jelmer/dulwich/security/advisories/GHSA-555p-6grf-mh7f","https://github.com/jelmer/dulwich/commit/c2446e51b","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"],"products":["dulwich"],"vendors":["jelmer"]}},{"cve_id":"CVE-2026-47734","summary":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes)  whose delta header declares a huge   dest_size. When dulwich ingested it via  add_thin_pack / apply_delta, it would  allocate hundreds of MB of memory based on that attacker-controlled size, with no relationship to the actual bytes received. Operators running a Dulwich-based Git server that exposes git-receive-pack (i.e. accepts pushes) - for example via dulwich.server functionality, the HTTP  smart server, or anything built on ReceivePackHandler - are impacted. The issue is patched in 1.2.5. add_thin_pack now accepts a max_input_size keyword (bytes; 0/None = unlimited, matching git's semantics), and ReceivePackHandler reads receive.maxInputSize from the repository config and passes it through. Wire reads are counted and a PackInputTooLarge exception is raised once the cap is exceeded - equivalent to git index-pack --max-input-size. Users should upgrade to Dulwich 1.2.5 or later and set receive.maxInputSize in their server's repository config to a sane bound for their environment. On unpatched versions, receive.maxInputSize has no effect, so it cannot be used as a workaround. 
Until upgrading, operators should restrict dulwich-receive-pack (push) access to trusted, authenticated clients only, or disable it entirely on servers that only need to serve fetches and/or run the server under an OS-level memory limit (e.g. ulimit, cgroups/MemoryMax, or a container memory limit) so a malicious push is killed rather than taking down the host.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10378,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5","https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36193","description":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~174 bytes)  whose delta header declares a huge   dest_size. When dulwich ingested it via  add_thin_pack / apply_delta, it would  allocate hundreds of MB of memory based on that attacker-controlled size, with no relationship to the actual bytes received. Operators running a Dulwich-based Git server that exposes git-receive-pack (i.e. accepts pushes) - for example via dulwich.server functionality, the HTTP  smart server, or anything built on ReceivePackHandler - are impacted. The issue is patched in 1.2.5. add_thin_pack now accepts a max_input_size keyword (bytes; 0/None = unlimited, matching git's semantics), and ReceivePackHandler reads receive.maxInputSize from the repository config and passes it through. Wire reads are counted and a PackInputTooLarge exception is raised once the cap is exceeded - equivalent to git index-pack --max-input-size. 
Users should upgrade to Dulwich 1.2.5 or later and set receive.maxInputSize in their server's repository config to a sane bound for their environment. On unpatched versions, receive.maxInputSize has no effect, so it cannot be used as a workaround. Until upgrading, operators should restrict dulwich-receive-pack (push) access to trusted, authenticated clients only, or disable it entirely on servers that only need to serve fetches and/or run the server under an OS-level memory limit (e.g. ulimit, cgroups/MemoryMax, or a container memory limit) so a malicious push is killed rather than taking down the host.","published_time":"2026-06-10T22:11:02","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/jelmer/dulwich/security/advisories/GHSA-xrvj-v92f-53gj","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"],"products":["dulwich"],"vendors":["jelmer"]}},{"cve_id":"CVE-2026-48724","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:48","euvd":{"id":"EUVD-2026-36179","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. 
This issue has been patched in version 7.1.2-24.","published_time":"2026-06-10T21:52:32","cvss":5.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r"],"products":["ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46557","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rcr6-g7jc-f57g"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36172","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.","published_time":"2026-06-10T21:44:40","cvss":6.2,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rcr6-g7jc-f57g"],"products":["ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46559","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36173","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:45:44","cvss":4.0,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46645","summary":"SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible(), an authenticated user can still query that model's data through the ajax_lookup endpoint — silently bypassing the restriction. 
This issue has been patched in version 0.25.1.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/smithyhq/sqladmin/commit/b0d3a19fb9b074a9ed243de46930108375dfbb98","https://github.com/smithyhq/sqladmin/pull/1035","https://github.com/smithyhq/sqladmin/releases/tag/0.25.1","https://github.com/smithyhq/sqladmin/security/advisories/GHSA-54mc-gghv-4cfj"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36168","description":"SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible() access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible(), an authenticated user can still query that model's data through the ajax_lookup endpoint — silently bypassing the restriction. This issue has been patched in version 0.25.1.","published_time":"2026-06-10T22:23:57","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/smithyhq/sqladmin/security/advisories/GHSA-54mc-gghv-4cfj","https://github.com/smithyhq/sqladmin/pull/1035","https://github.com/smithyhq/sqladmin/commit/b0d3a19fb9b074a9ed243de46930108375dfbb98","https://github.com/smithyhq/sqladmin/releases/tag/0.25.1"],"products":["sqladmin"],"vendors":["smithyhq"]}},{"cve_id":"CVE-2026-46692","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01767,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36174","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:46:45","cvss":4.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p93h-f2jc-477j"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46693","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","cvss":4.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.1,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01293,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36176","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:47:41","cvss":4.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4g75-9r48-jf92"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46695","summary":"Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08587,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/boxlite-ai/boxlite/pull/454","https://github.com/boxlite-ai/boxlite/releases/tag/v0.9.0","https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3","https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36166","description":"Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. 
Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directory in rw mode, thereby gaining write access to that directory. This allows malicious code to perform arbitrary write operations on directories that should be read-only. This issue has been patched in version 0.9.0.","published_time":"2026-06-10T22:20:44","cvss":10.0,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-g6ww-w5j2-r7x3","https://github.com/boxlite-ai/boxlite/pull/454","https://github.com/boxlite-ai/boxlite/releases/tag/v0.9.0"],"products":["boxlite"],"vendors":["boxlite-ai"]}},{"cve_id":"CVE-2026-46703","summary":"Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for the possibility that entries may be symlinks pointing to absolute paths. An attacker can craft a malicious OCI image and distribute it on image hosting platforms such as DockerHub, tricking users into using it. Once a user loads the malicious image, the attacker can write arbitrary content to any path on the host, which can further lead to remote code execution on the host. 
This issue has been patched in version 0.9.0.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00188,"ranking_epss":0.40515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/boxlite-ai/boxlite/releases/tag/v0.9.0","https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-f396-4rp4-7v2j","https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-f396-4rp4-7v2j"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:47","euvd":{"id":"EUVD-2026-36165","description":"Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for the possibility that entries may be symlinks pointing to absolute paths. An attacker can craft a malicious OCI image and distribute it on image hosting platforms such as DockerHub, tricking users into using it. Once a user loads the malicious image, the attacker can write arbitrary content to any path on the host, which can further lead to remote code execution on the host. This issue has been patched in version 0.9.0.","published_time":"2026-06-10T22:20:24","cvss":9.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/boxlite-ai/boxlite/security/advisories/GHSA-f396-4rp4-7v2j","https://github.com/boxlite-ai/boxlite/releases/tag/v0.9.0"],"products":["boxlite"],"vendors":["boxlite-ai"]}},{"cve_id":"CVE-2026-42305","summary":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. 
Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax. Contributing configuration bugs made matters worse. The core.protectNTFS and core.protectHFS settings were looked up under a wrong option name and so user-set values were silently ignored, and core.protectNTFS only defaulted to true on Windows (Git upstream has defaulted it to true everywhere since CVE-2019-1353). Both have been corrected. Anyone who clones, fetches, or checks out an untrusted repository with Dulwich on Windows - either through the Dulwich CLI, porcelain.clone, or any downstream tool built on Dulwich - is impacted. POSIX clones are not directly exploitable (on POSIX \\ is a literal filename byte), but a POSIX user can unknowingly propagate a malicious tree to Windows consumers via push or re-publication. This issue is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. There is no effective pre-patch workaround. On affected versions the core.protectNTFS configuration key was silently ignored, so setting it to true does not mitigate the issue. Users who cannot upgrade should avoid cloning, fetching, or checking out untrusted repositories with Dulwich on Windows. 
After upgrading the NTFS validator is on by default on every platform, so no additional configuration is required.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00223,"ranking_epss":0.45162,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290","https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5","https://github.com/jelmer/dulwich/security/advisories/GHSA-897w-fcg9-f6xj"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:46","euvd":{"id":"EUVD-2026-36181","description":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax. Contributing configuration bugs made matters worse. The core.protectNTFS and core.protectHFS settings were looked up under a wrong option name and so user-set values were silently ignored, and core.protectNTFS only defaulted to true on Windows (Git upstream has defaulted it to true everywhere since CVE-2019-1353). Both have been corrected. Anyone who clones, fetches, or checks out an untrusted repository with Dulwich on Windows - either through the Dulwich CLI, porcelain.clone, or any downstream tool built on Dulwich - is impacted. POSIX clones are not directly exploitable (on POSIX \\ is a literal filename byte), but a POSIX user can unknowingly propagate a malicious tree to Windows consumers via push or re-publication. This issue is fixed in Dulwich 1.2.5. Users should upgrade to 1.2.5 or later. There is no effective pre-patch workaround. 
On affected versions the core.protectNTFS configuration key was silently ignored, so setting it to true does not mitigate the issue. Users who cannot upgrade should avoid cloning, fetching, or checking out untrusted repositories with Dulwich on Windows. After upgrading the NTFS validator is on by default on every platform, so no additional configuration is required.","published_time":"2026-06-10T21:55:30","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/jelmer/dulwich/security/advisories/GHSA-897w-fcg9-f6xj","https://github.com/jelmer/dulwich/commit/49eb56e51aad637fc23d54bf2a08cb42739b8290","https://github.com/jelmer/dulwich/commit/57efc4aa1581e038915a0fd79365be53b150f4a9","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"],"products":["dulwich"],"vendors":["jelmer"]}},{"cve_id":"CVE-2026-42558","summary":"Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector functionality to craft messages which escape the sandbox and facilitate XSS. Exploitation of the vulnerability is possible on behalf of an authorized user who has both of the following privileges, which are not granted to non-admins as standard: Include \"Add DataSet\" button to allow for additional DataSets to be created independently to Layouts Users should upgrade to version 4.4.2 which fixes this issue. Upgrading to a fixed version is necessary to remediate. 
Users unable to upgrade should revoke such privileges from users they do not trust.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-6389-j56c-9fww"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:46","euvd":{"id":"EUVD-2026-36170","description":"Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector functionality to craft messages which escape the sandbox and facilitate XSS. Exploitation of the vulnerability is possible on behalf of an authorized user who has both of the following privileges, which are not granted to non-admins as standard: Include \"Add DataSet\" button to allow for additional DataSets to be created independently to Layouts Users should upgrade to version 4.4.2 which fixes this issue. Upgrading to a fixed version is necessary to remediate. Users unable to upgrade should revoke such privileges from users they do not trust.","published_time":"2026-06-10T21:39:09","cvss":7.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-6389-j56c-9fww"],"products":["xibo-cms"],"vendors":["xibosignage"]}},{"cve_id":"CVE-2026-42563","summary":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge driver command via the `%P` placeholder and executes it with `subprocess.run(..., shell=True)`. 
An attacker who can cause a victim to merge an untrusted branch can achieve arbitrary command execution by crafting malicious file paths. Version 1.2.5 fixes the issue.","cvss":7.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.7,"epss":0.00084,"ranking_epss":0.2454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jelmer/dulwich/commit/e3331b3b3a122fc313460182f928f59723580b7b","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5","https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf","https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:46","euvd":{"id":"EUVD-2026-36175","description":"Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge driver command via the `%P` placeholder and executes it with `subprocess.run(..., shell=True)`. An attacker who can cause a victim to merge an untrusted branch can achieve arbitrary command execution by crafting malicious file paths. Version 1.2.5 fixes the issue.","published_time":"2026-06-10T21:47:14","cvss":7.7,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/jelmer/dulwich/security/advisories/GHSA-9277-mp7x-85jf","https://github.com/jelmer/dulwich/commit/e3331b3b3a122fc313460182f928f59723580b7b","https://github.com/jelmer/dulwich/releases/tag/dulwich-1.2.5"],"products":["dulwich"],"vendors":["jelmer"]}},{"cve_id":"CVE-2026-42568","summary":"Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. 
The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00815,"ranking_epss":0.74728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7","https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0","https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:46","euvd":{"id":"EUVD-2026-36196","description":"Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.","published_time":"2026-06-10T22:15:52","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j","https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7","https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0"],"products":["yamcs"],"vendors":["yamcs"]}},{"cve_id":"CVE-2026-44693","summary":"Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. 
This issue has been patched in version 6.6.1.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/pi-hole/FTL/releases/tag/v6.6.1","https://github.com/pi-hole/FTL/security/advisories/GHSA-9ff5-f3v5-2xc7","https://github.com/pi-hole/FTL/security/advisories/GHSA-9ff5-f3v5-2xc7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:46","euvd":{"id":"EUVD-2026-36194","description":"Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This issue has been patched in version 6.6.1.","published_time":"2026-06-10T22:11:29","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/pi-hole/FTL/security/advisories/GHSA-9ff5-f3v5-2xc7","https://github.com/pi-hole/FTL/releases/tag/v6.6.1"],"products":["FTL"],"vendors":["pi-hole"]}},{"cve_id":"CVE-2026-46521","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:46","euvd":{"id":"EUVD-2026-36171","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:40:44","cvss":5.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jcqp-6r6f-3mfx"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2024-21944","summary":"Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00141,"ranking_epss":0.33972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T23:16:44","euvd":{"id":"EUVD-2024-55617","description":"Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS 
update, to potentially overwrite guest memory resulting in loss of guest data integrity.","published_time":"2026-06-10T21:54:19","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"AMD","references":["https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html"],"products":["AMD EPYC™ 9004 Series Processor","AMD EPYC™ 7003 Series Processors","AMD EPYC™ 9004 Series Processor","AMD EPYC™ 7003 Series Processors"],"vendors":["AMD"]}},{"cve_id":"CVE-2026-53738","summary":"Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.","cvss":7.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":7.2,"epss":0.00036,"ranking_epss":0.11249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/copy-delete-posts/","https://www.vulncheck.com/advisories/copy-delete-posts-through-privilege-escalation-via-cdp-action-handling-handler"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:02","euvd":{"id":"EUVD-2026-36139","description":"Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. 
Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.","published_time":"2026-06-10T20:39:43","cvss":7.2,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/copy-delete-posts/","https://www.vulncheck.com/advisories/copy-delete-posts-through-privilege-escalation-via-cdp-action-handling-handler"],"products":["Copy & Delete Posts"],"vendors":["Inisev"]}},{"cve_id":"CVE-2026-53739","summary":"Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":5.1,"epss":0.00014,"ranking_epss":0.02911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/duplicate-post/","https://www.vulncheck.com/advisories/yoast-duplicate-post-through-cross-site-request-forgery-via-duplicate-post-dismiss-notice"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:02","euvd":{"id":"EUVD-2026-36140","description":"Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. 
Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.","published_time":"2026-06-10T20:39:44","cvss":5.1,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/duplicate-post/","https://www.vulncheck.com/advisories/yoast-duplicate-post-through-cross-site-request-forgery-via-duplicate-post-dismiss-notice"],"products":["Yoast Duplicate Post"],"vendors":["Yoast"]}},{"cve_id":"CVE-2026-53740","summary":"Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":5.1,"epss":0.00029,"ranking_epss":0.08712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/duplicate-post/","https://www.vulncheck.com/advisories/yoast-duplicate-post-through-stored-cross-site-scripting-via-scheduled-republish-notice"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:02","euvd":{"id":"EUVD-2026-36141","description":"Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. 
Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.","published_time":"2026-06-10T20:39:44","cvss":5.1,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/duplicate-post/","https://www.vulncheck.com/advisories/yoast-duplicate-post-through-stored-cross-site-scripting-via-scheduled-republish-notice"],"products":["Yoast Duplicate Post"],"vendors":["Yoast"]}},{"cve_id":"CVE-2026-53741","summary":"Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":5.1,"epss":0.00029,"ranking_epss":0.08712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/simple-link-directory/","https://www.vulncheck.com/advisories/simple-link-directory-through-stored-xss-via-sld-no-results-found-option"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:02","euvd":{"id":"EUVD-2026-36142","description":"Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option into a JavaScript string literal without encoding. 
Because sanitize_text_field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor.","published_time":"2026-06-10T20:39:45","cvss":5.1,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/simple-link-directory/","https://www.vulncheck.com/advisories/simple-link-directory-through-stored-xss-via-sld-no-results-found-option"],"products":["Simple Link Directory"],"vendors":["QuantumCloud"]}},{"cve_id":"CVE-2026-53742","summary":"Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":5.1,"epss":0.00029,"ranking_epss":0.08712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/simple-link-directory/","https://www.vulncheck.com/advisories/simple-link-directory-through-stored-xss-via-embed-shortcode-attributes"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:02","euvd":{"id":"EUVD-2026-36143","description":"Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser.","published_time":"2026-06-10T20:39:46","cvss":5.1,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/simple-link-directory/","https://www.vulncheck.com/advisories/simple-link-directory-through-stored-xss-via-embed-shortcode-attributes"],"products":["Simple Link Directory"],"vendors":["QuantumCloud"]}},{"cve_id":"CVE-2026-48108","summary":"Russh is a Rust SSH client & server library. 
From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner lines. For a library server built on russh, this could allow a remote peer to hold connection setup resources in the cleartext pre-authentication phase with malformed identification input that should have been rejected early. This issue has been patched in version 0.61.0.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00123,"ranking_epss":0.30956,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Eugeny/russh/security/advisories/GHSA-76r6-x97p-67vr","https://github.com/Eugeny/russh/security/advisories/GHSA-76r6-x97p-67vr"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:01","euvd":{"id":"EUVD-2026-36130","description":"Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing pre-banner lines from clients, and the reader did not enforce a bounded number of pre-banner lines. For a library server built on russh, this could allow a remote peer to hold connection setup resources in the cleartext pre-authentication phase with malformed identification input that should have been rejected early. 
This issue has been patched in version 0.61.0.","published_time":"2026-06-10T20:24:56","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Eugeny/russh/security/advisories/GHSA-76r6-x97p-67vr"],"products":["russh"],"vendors":["Eugeny"]}},{"cve_id":"CVE-2026-48110","summary":"Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could send oversized, high-fanout, or malformed length-prefixed fields and make the library allocate, attempt to allocate, or split data before rejecting input that should have been rejected earlier. This issue has been patched in version 0.61.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Eugeny/russh/security/advisories/GHSA-4r3c-5hpg-58qr","https://github.com/Eugeny/russh/security/advisories/GHSA-4r3c-5hpg-58qr"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:01","euvd":{"id":"EUVD-2026-36131","description":"Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could send oversized, high-fanout, or malformed length-prefixed fields and make the library allocate, attempt to allocate, or split data before rejecting input that should have been rejected earlier. 
This issue has been patched in version 0.61.0.","published_time":"2026-06-10T20:26:29","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Eugeny/russh/security/advisories/GHSA-4r3c-5hpg-58qr"],"products":["russh"],"vendors":["Eugeny"]}},{"cve_id":"CVE-2026-50131","summary":"Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting in version 0.11.2 and prior to versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 appears incomplete. The `validatePublicUrl()` protection relies on `isValidPublicIPv4Address()` to reject non-public IPv4 destinations. The function blocks common private and local ranges such as `10.0.0.0/8`, `127.0.0.0/8`, `169.254.0.0/16`, `172.16.0.0/12`, and `192.168.0.0/16`, but it still treats several special-use, reserved, multicast, benchmarking, and carrier-grade NAT IPv4 ranges as valid public destinations. Because this validation is used as an SSRF defense before outbound fetches, this appears to be an incomplete mitigation or bypass class for the previous SSRF issue. Versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 contain an updated patch.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fedify-dev/fedify/security/advisories/GHSA-xw9q-2mv6-9fr8","https://github.com/fedify-dev/fedify/security/advisories/GHSA-xw9q-2mv6-9fr8"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:01","euvd":{"id":"EUVD-2026-36132","description":"Fedify is a TypeScript library for building federated server apps powered by ActivityPub. 
Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting in version 0.11.2 and prior to versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 appears incomplete. The `validatePublicUrl()` protection relies on `isValidPublicIPv4Address()` to reject non-public IPv4 destinations. The function blocks common private and local ranges such as `10.0.0.0/8`, `127.0.0.0/8`, `169.254.0.0/16`, `172.16.0.0/12`, and `192.168.0.0/16`, but it still treats several special-use, reserved, multicast, benchmarking, and carrier-grade NAT IPv4 ranges as valid public destinations. Because this validation is used as an SSRF defense before outbound fetches, this appears to be an incomplete mitigation or bypass class for the previous SSRF issue. Versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 contain an updated patch.","published_time":"2026-06-10T20:27:43","cvss":8.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fedify-dev/fedify/security/advisories/GHSA-xw9q-2mv6-9fr8"],"products":["fedify","fedify","vocab-runtime","vocab-runtime","vocab-runtime","fedify","fedify","fedify"],"vendors":["fedify-dev"]}},{"cve_id":"CVE-2026-53634","summary":"Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entity could bypass the authorization layer and either retrieve the creation form or submit new records for that entity, as long as it had a Quick Creation Command handler configured. 
This issue has been patched in version 9.22.3.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07969,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/code16/sharp/commit/aa18a85fd8fef830988a336cad2278986729d21a","https://github.com/code16/sharp/pull/729","https://github.com/code16/sharp/releases/tag/v9.22.3","https://github.com/code16/sharp/security/advisories/GHSA-vmwx-m75v-qvch"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:01","euvd":{"id":"EUVD-2026-36117","description":"Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entity could bypass the authorization layer and either retrieve the creation form or submit new records for that entity, as long as it had a Quick Creation Command handler configured. This issue has been patched in version 9.22.3.","published_time":"2026-06-10T20:03:33","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/code16/sharp/security/advisories/GHSA-vmwx-m75v-qvch","https://github.com/code16/sharp/pull/729","https://github.com/code16/sharp/commit/aa18a85fd8fef830988a336cad2278986729d21a","https://github.com/code16/sharp/releases/tag/v9.22.3"],"products":["sharp"],"vendors":["code16"]}},{"cve_id":"CVE-2026-53736","summary":"Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. 
Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":5.1,"epss":0.00014,"ranking_epss":0.02911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/easy-twitter-feeds/","https://www.vulncheck.com/advisories/easy-twitter-feeds-before-cross-site-request-forgery-via-duplicate-post-action"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:01","euvd":{"id":"EUVD-2026-36137","description":"Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.","published_time":"2026-06-10T20:39:41","cvss":5.1,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/easy-twitter-feeds/","https://www.vulncheck.com/advisories/easy-twitter-feeds-before-cross-site-request-forgery-via-duplicate-post-action"],"products":["Easy Twitter Feeds"],"vendors":["bPlugins"]}},{"cve_id":"CVE-2026-53737","summary":"Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. 
Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":5.3,"epss":0.00029,"ranking_epss":0.08804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wordpress.org/plugins/juicer/","https://www.vulncheck.com/advisories/juicer-through-stored-cross-site-scripting-via-unescaped-api-response"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:01","euvd":{"id":"EUVD-2026-36138","description":"Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads.","published_time":"2026-06-10T20:39:42","cvss":5.3,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://wordpress.org/plugins/juicer/","https://www.vulncheck.com/advisories/juicer-through-stored-cross-site-scripting-via-unescaped-api-response"],"products":["Juicer"],"vendors":["saas.group"]}},{"cve_id":"CVE-2026-46669","summary":"OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. 
This issue has been patched in version 1.6.0.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00085,"ranking_epss":0.24633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/openvm-org/openvm/releases/tag/v1.6.0","https://github.com/openvm-org/openvm/security/advisories/GHSA-76mq-v757-53gr","https://github.com/openvm-org/openvm/security/advisories/GHSA-76mq-v757-53gr"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36121","description":"OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. This issue has been patched in version 1.6.0.","published_time":"2026-06-10T20:09:31","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/openvm-org/openvm/security/advisories/GHSA-76mq-v757-53gr","https://github.com/openvm-org/openvm/releases/tag/v1.6.0"],"products":["openvm"],"vendors":["openvm-org"]}},{"cve_id":"CVE-2026-46673","summary":"Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. 
This issue has been patched in version 0.60.3.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5","https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36124","description":"Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. This issue has been patched in version 0.60.3.","published_time":"2026-06-10T20:16:28","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5"],"products":["russh"],"vendors":["Eugeny"]}},{"cve_id":"CVE-2026-46679","summary":"libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. 
This issue has been patched in version 15.0.23.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/libp2p/js-libp2p/security/advisories/GHSA-4f8r-922h-2vgv","https://github.com/libp2p/js-libp2p/security/advisories/GHSA-4f8r-922h-2vgv"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36152","description":"libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23.","published_time":"2026-06-10T21:08:52","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/libp2p/js-libp2p/security/advisories/GHSA-4f8r-922h-2vgv"],"products":["js-libp2p"],"vendors":["libp2p"]}},{"cve_id":"CVE-2026-46689","summary":"Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. 
This issue has been patched in version 1.9.3.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00042,"ranking_epss":0.1325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/kanidm/kanidm/releases/tag/v1.9.3","https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh","https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36133","description":"Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.","published_time":"2026-06-10T20:28:44","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh","https://github.com/kanidm/kanidm/releases/tag/v1.9.3"],"products":["kanidm"],"vendors":["kanidm"]}},{"cve_id":"CVE-2026-46702","summary":"Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In current releases, this is a remote denial-of-service / resource-exhaustion issue in the post-decompression receive path. 
In older releases before 0.58.0, the same remote decompression path used CryptoVec, which appears to make the historical impact worse. This issue has been patched in version 0.61.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Eugeny/russh/security/advisories/GHSA-wwx6-x28x-8259","https://github.com/Eugeny/russh/security/advisories/GHSA-wwx6-x28x-8259"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36125","description":"Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In current releases, this is a remote denial-of-service / resource-exhaustion issue in the post-decompression receive path. In older releases before 0.58.0, the same remote decompression path used CryptoVec, which appears to make the historical impact worse. This issue has been patched in version 0.61.1.","published_time":"2026-06-10T20:19:18","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Eugeny/russh/security/advisories/GHSA-wwx6-x28x-8259"],"products":["russh"],"vendors":["Eugeny"]}},{"cve_id":"CVE-2026-46705","summary":"Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. 
The issue is not that such changes are invalid. The issue is that russh-owned authentication state, such as remaining methods, partial-success state, and in-progress method state, can remain associated with the connection and then influence a later request for a different (user, service). This is an internal library state mismatch. This issue has been patched in version 0.61.0.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.10873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3","https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36126","description":"Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that such changes are invalid. The issue is that russh-owned authentication state, such as remaining methods, partial-success state, and in-progress method state, can remain associated with the connection and then influence a later request for a different (user, service). This is an internal library state mismatch. This issue has been patched in version 0.61.0.","published_time":"2026-06-10T20:21:35","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3"],"products":["russh"],"vendors":["Eugeny"]}},{"cve_id":"CVE-2026-48011","summary":"Shopware is an open commerce platform. 
Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.","cvss":3.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/shopware/shopware/releases/tag/v6.6.10.18","https://github.com/shopware/shopware/releases/tag/v6.7.10.1","https://github.com/shopware/shopware/security/advisories/GHSA-7w52-7jvm-m9vw","https://github.com/shopware/shopware/security/advisories/GHSA-7w52-7jvm-m9vw"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36120","description":"Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.","published_time":"2026-06-10T20:07:02","cvss":3.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/shopware/shopware/security/advisories/GHSA-7w52-7jvm-m9vw","https://github.com/shopware/shopware/releases/tag/v6.6.10.18","https://github.com/shopware/shopware/releases/tag/v6.7.10.1"],"products":["shopware","shopware"],"vendors":["shopware"]}},{"cve_id":"CVE-2026-48107","summary":"Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity(...) before validating that enough prompt data was actually present in the packet. 
This issue has been patched in version 0.61.0.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Eugeny/russh/security/advisories/GHSA-g9g7-5cgw-6v28"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:17:00","euvd":{"id":"EUVD-2026-36129","description":"Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity(...) before validating that enough prompt data was actually present in the packet. This issue has been patched in version 0.61.0.","published_time":"2026-06-10T20:23:45","cvss":6.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Eugeny/russh/security/advisories/GHSA-g9g7-5cgw-6v28"],"products":["russh"],"vendors":["Eugeny"]}},{"cve_id":"CVE-2026-45783","summary":"libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted key are required. The victim node's datastore fills until the host disk is exhausted, making the node unavailable. 
This issue has been patched in version 16.2.6.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/libp2p/js-libp2p/security/advisories/GHSA-32mq-hpph-xfvr","https://github.com/libp2p/js-libp2p/security/advisories/GHSA-32mq-hpph-xfvr"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36153","description":"libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted key are required. The victim node's datastore fills until the host disk is exhausted, making the node unavailable. This issue has been patched in version 16.2.6.","published_time":"2026-06-10T21:09:40","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/libp2p/js-libp2p/security/advisories/GHSA-32mq-hpph-xfvr"],"products":["js-libp2p"],"vendors":["libp2p"]}},{"cve_id":"CVE-2026-46520","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. 
This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36164","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.","published_time":"2026-06-10T21:31:57","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-36wm-hprc-mcf5"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46522","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01061,"ranking_epss":0.7806,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36162","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the issue.","published_time":"2026-06-10T21:30:41","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7gg8-qqx7-92g5"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46523","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36155","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue.","published_time":"2026-06-10T21:22:02","cvss":6.2,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-46625","summary":"JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. 
When the source object is produced by JSON.parse, the JSON object's \"__proto__\" member is an own enumerable property, so the for…in enumerates it and the target[key] = source[key] write triggers the Object.prototype.__proto__ setter on the fresh target ({}). The result is a per-instance prototype hijack: Object.prototype itself is untouched, but the merged attributes object now inherits attacker-controlled keys. Because the consuming set() function then enumerates the merged object with another for...in, every key the attacker placed on the polluted prototype lands in the resulting Set-Cookie string as an attribute pair. The attacker can set domain=, secure=, samesite=, expires=, and path= on cookies whose attributes the developer thought were locked down. This issue has been patched in version 3.0.7.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020","https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7","https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j","https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36154","description":"JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's \"__proto__\" member is an own enumerable property, so the for…in enumerates it and the target[key] = source[key] write triggers the Object.prototype.__proto__ setter on the fresh target ({}). 
The result is a per-instance prototype hijack: Object.prototype itself is untouched, but the merged attributes object now inherits attacker-controlled keys. Because the consuming set() function then enumerates the merged object with another for...in, every key the attacker placed on the polluted prototype lands in the resulting Set-Cookie string as an attribute pair. The attacker can set domain=, secure=, samesite=, expires=, and path= on cookies whose attributes the developer thought were locked down. This issue has been patched in version 3.0.7.","published_time":"2026-06-10T21:18:05","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j","https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020","https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7"],"products":["js-cookie"],"vendors":["js-cookie"]}},{"cve_id":"CVE-2026-46654","summary":"Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.","cvss":8.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.9,"epss":0.00013,"ranking_epss":0.02275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Plonky3/Plonky3/security/advisories/GHSA-vj64-rjf3-w3v7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36119","description":"Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. 
This issue has been patched in versions 0.4.3 and 0.5.3.","published_time":"2026-06-10T20:06:10","cvss":8.9,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/Plonky3/Plonky3/security/advisories/GHSA-vj64-rjf3-w3v7"],"products":["Plonky3","Plonky3"],"vendors":["Plonky3"]}},{"cve_id":"CVE-2026-46668","summary":"SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.","cvss":2.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":2.3,"epss":0.0003,"ranking_epss":0.0906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/authzed/spicedb/pull/3065","https://github.com/authzed/spicedb/releases/tag/v1.52.0","https://github.com/authzed/spicedb/security/advisories/GHSA-mqcf-gqvg-rmhm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:59","euvd":{"id":"EUVD-2026-36122","description":"SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before version 1.52.0, caveat structures with nested lists can result in improper cache reuse. This issue has been patched in version 1.52.0.","published_time":"2026-06-10T20:11:44","cvss":2.3,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/authzed/spicedb/security/advisories/GHSA-mqcf-gqvg-rmhm","https://github.com/authzed/spicedb/pull/3065","https://github.com/authzed/spicedb/releases/tag/v1.52.0"],"products":["spicedb"],"vendors":["authzed"]}},{"cve_id":"CVE-2026-45359","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:58","euvd":{"id":"EUVD-2026-36160","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-22.","published_time":"2026-06-10T21:26:32","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhrh-72hq-w8m7"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-45380","summary":"bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform, creates a symlink escaping the intended output directory. Subsequent archive entries extracted through this symlink write arbitrary files outside the extraction directory with the permissions of the extracting process. 
This issue has been patched in version 4.0.12.","cvss":3.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.6,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/rikyoz/bit7z/releases/tag/v4.0.12","https://github.com/rikyoz/bit7z/security/advisories/GHSA-8wj8-9jwv-j24v","https://github.com/rikyoz/bit7z/security/advisories/GHSA-8wj8-9jwv-j24v"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:58","euvd":{"id":"EUVD-2026-36116","description":"bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform, creates a symlink escaping the intended output directory. Subsequent archive entries extracted through this symlink write arbitrary files outside the extraction directory with the permissions of the extracting process. This issue has been patched in version 4.0.12.","published_time":"2026-06-10T20:00:24","cvss":3.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/rikyoz/bit7z/security/advisories/GHSA-8wj8-9jwv-j24v","https://github.com/rikyoz/bit7z/releases/tag/v4.0.12"],"products":["bit7z"],"vendors":["rikyoz"]}},{"cve_id":"CVE-2026-45384","summary":"bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. 
This issue has been patched in version 4.0.12.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/rikyoz/bit7z/releases/tag/v4.0.12","https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h","https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:58","euvd":{"id":"EUVD-2026-36115","description":"bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.","published_time":"2026-06-10T20:00:19","cvss":6.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/rikyoz/bit7z/security/advisories/GHSA-wjch-42rm-q53h","https://github.com/rikyoz/bit7z/releases/tag/v4.0.12"],"products":["bit7z"],"vendors":["rikyoz"]}},{"cve_id":"CVE-2026-45624","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. 
This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:58","euvd":{"id":"EUVD-2026-36161","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","published_time":"2026-06-10T21:29:28","cvss":5.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pfvh-m9xv-8966"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-45664","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:58","euvd":{"id":"EUVD-2026-36163","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","published_time":"2026-06-10T21:30:51","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g5mf-wqq5-vwg6"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-42326","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","cvss":5.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.1,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02015,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:57","euvd":{"id":"EUVD-2026-36158","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. 
This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","published_time":"2026-06-10T21:25:35","cvss":5.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-42462","summary":"Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. Versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 fix the issue.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11701,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fedify-dev/fedify/releases/tag/2.2.3","https://github.com/fedify-dev/fedify/security/advisories/GHSA-9rfg-v8g9-9367"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:57","euvd":{"id":"EUVD-2026-36127","description":"Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. 
Versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3 fix the issue.","published_time":"2026-06-10T20:22:35","cvss":7.0,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fedify-dev/fedify/security/advisories/GHSA-9rfg-v8g9-9367","https://github.com/fedify-dev/fedify/releases/tag/2.2.3"],"products":["fedify","fedify","fedify","fedify","fedify"],"vendors":["fedify-dev"]}},{"cve_id":"CVE-2026-42542","summary":"TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.23906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/taosdata/TDengine/releases/tag/ver-3.4.1.6","https://github.com/taosdata/TDengine/security/advisories/GHSA-vg95-j2hf-hvjx"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:57","euvd":{"id":"EUVD-2026-36136","description":"TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.","published_time":"2026-06-10T20:32:38","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/taosdata/TDengine/security/advisories/GHSA-vg95-j2hf-hvjx","https://github.com/taosdata/TDengine/releases/tag/ver-3.4.1.6"],"products":["TDengine"],"vendors":["taosdata"]}},{"cve_id":"CVE-2026-44692","summary":"Sharp is a content management framework built for Laravel as a package. 
Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user who can view one valid record may use that record as an authorization anchor to download unrelated disk-relative objects from configured Laravel Storage disks. The confirmed impact is authenticated disclosure of unrelated objects from configured Laravel Storage disks. This issue does not imply arbitrary host filesystem access outside configured Laravel Storage disk roots. This issue has been patched in version 9.22.0.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/code16/sharp/releases/tag/v9.22.0","https://github.com/code16/sharp/security/advisories/GHSA-748w-hm6r-qc7v"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:57","euvd":{"id":"EUVD-2026-36118","description":"Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the requested storage object is not bound to the authorized entity instance, an authenticated Sharp user who can view one valid record may use that record as an authorization anchor to download unrelated disk-relative objects from configured Laravel Storage disks. The confirmed impact is authenticated disclosure of unrelated objects from configured Laravel Storage disks. This issue does not imply arbitrary host filesystem access outside configured Laravel Storage disk roots. 
This issue has been patched in version 9.22.0.","published_time":"2026-06-10T20:03:48","cvss":7.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/code16/sharp/security/advisories/GHSA-748w-hm6r-qc7v","https://github.com/code16/sharp/releases/tag/v9.22.0"],"products":["sharp"],"vendors":["code16"]}},{"cve_id":"CVE-2026-45031","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:57","euvd":{"id":"EUVD-2026-36157","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would still apply. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","published_time":"2026-06-10T21:25:20","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cwpj-h54c-xjpx"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-45358","summary":"ImageMagick is free and open-source software used for editing and manipulating digital images. 
Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:57","euvd":{"id":"EUVD-2026-36159","description":"ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47 and 7.1.2-22.","published_time":"2026-06-10T21:26:05","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r"],"products":["ImageMagick","ImageMagick"],"vendors":["ImageMagick"]}},{"cve_id":"CVE-2026-2049","summary":"GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-28618.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gitlab.gnome.org/GNOME/gegl/-/issues/450","https://www.zerodayinitiative.com/advisories/ZDI-26-214/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:56","euvd":{"id":"EUVD-2026-36156","description":"GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-28618.","published_time":"2026-06-10T21:22:47","cvss":7.8,"cvss_version":"3.0","epss":0.0,"assigner":"zdi","references":["https://www.zerodayinitiative.com/advisories/ZDI-26-214/","https://gitlab.gnome.org/GNOME/gegl/-/issues/450"],"products":["GIMP"],"vendors":["GIMP"]}},{"cve_id":"CVE-2026-0274","summary":"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.","cvss":8.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.1,"epss":0.00037,"ranking_epss":0.1132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0274"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:55","euvd":{"id":"EUVD-2026-36150","description":"An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.","published_time":"2026-06-10T21:02:26","cvss":8.1,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0274"],"products":["Cortex XSOAR CommvaultSecurityIQ Marketplace","Cortex XSIAM CommvaultSecurityIQ Marketplace"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-10142","summary":"kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. 
Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00042,"ranking_epss":0.13006,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b","https://github.com/dpkp/kafka-python/pull/3019","https://github.com/dpkp/kafka-python/pull/3026","https://www.vulncheck.com/advisories/kafka-python-prior-to-denial-of-service-via-protocol-parser-frame-length"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:55","euvd":{"id":"EUVD-2026-36123","description":"kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. 
Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart.","published_time":"2026-06-10T20:13:11","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://www.vulncheck.com/advisories/kafka-python-prior-to-denial-of-service-via-protocol-parser-frame-length","https://github.com/dpkp/kafka-python/pull/3019","https://github.com/dpkp/kafka-python/pull/3026","https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"],"products":["kafka-python"],"vendors":["Dana Powers"]}},{"cve_id":"CVE-2026-10143","summary":"kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. 
In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00069,"ranking_epss":0.2138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b","https://github.com/dpkp/kafka-python/pull/3019","https://github.com/dpkp/kafka-python/pull/3026","https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:55","euvd":{"id":"EUVD-2026-36128","description":"kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. 
In scram.py, ScramClient.process_server_first_message() passes the broker-controlled SCRAM iteration count directly to hashlib.pbkdf2_hmac() without validation, blocking producer sends, consumer polls, admin operations, and heartbeats, which can cause consumer group eviction and repeated reconnect failures.","published_time":"2026-06-10T20:22:39","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/dpkp/kafka-python/pull/3019","https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b","https://github.com/dpkp/kafka-python/pull/3026","https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"],"products":["kafka-python"],"vendors":["Dana Powers"]}},{"cve_id":"CVE-2026-11604","summary":"An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of service).","cvss":5.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.6,"epss":0.00079,"ranking_epss":0.2346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://community.openvpn.net/Security%20Announcements/CVE-2026-11604","https://github.com/OpenVPN/ovpn-dco-win/releases"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:55","euvd":{"id":"EUVD-2026-36151","description":"An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash (denial of 
service).","published_time":"2026-06-10T21:04:37","cvss":5.6,"cvss_version":"4.0","epss":0.0,"assigner":"OpenVPN","references":["https://github.com/OpenVPN/ovpn-dco-win/releases","https://community.openvpn.net/Security%20Announcements/CVE-2026-11604"],"products":["ovpn-dco-win"],"vendors":["OpenVPN"]}},{"cve_id":"CVE-2026-0271","summary":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","cvss":5.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.9,"epss":0.00013,"ranking_epss":0.0196,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0271"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:54","euvd":{"id":"EUVD-2026-36147","description":"A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","published_time":"2026-06-10T20:59:51","cvss":5.9,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0271"],"products":["Prisma Access Agent"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-0272","summary":"A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our 
recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW, and Prisma® Access are not impacted by this vulnerability.","cvss":6.0,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.0,"epss":0.00028,"ranking_epss":0.08312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0272"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:54","euvd":{"id":"EUVD-2026-36148","description":"A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.\n\n\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW, and Prisma® Access are not impacted by this vulnerability.","published_time":"2026-06-10T21:01:10","cvss":6.0,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0272"],"products":["PAN-OS","PAN-OS","PAN-OS","PAN-OS"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-0273","summary":"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated 
administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","cvss":6.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.1,"epss":0.00255,"ranking_epss":0.49116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0273"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:54","euvd":{"id":"EUVD-2026-36149","description":"A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. 
To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI.\n\nThe security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended  best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","published_time":"2026-06-10T21:01:45","cvss":6.1,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0273"],"products":["PAN-OS","PAN-OS","PAN-OS","PAN-OS"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-0267","summary":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. 
After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.","cvss":4.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.4,"epss":0.00014,"ranking_epss":0.02779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2024-8687","https://security.paloaltonetworks.com/CVE-2026-0267"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:53","euvd":{"id":"EUVD-2026-36135","description":"An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.","published_time":"2026-06-10T20:31:37","cvss":4.4,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0267","https://security.paloaltonetworks.com/CVE-2024-8687"],"products":["GlobalProtect App","GlobalProtect App"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-0268","summary":"A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","cvss":4.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.4,"epss":0.00014,"ranking_epss":0.02779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0268"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:53","euvd":{"id":"EUVD-2026-36144","description":"A security control bypass vulnerability in Prisma Access Agent for Linux allows a local 
attacker to route network traffic outside the VPN tunnel.\n\n\n\nThis does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.","published_time":"2026-06-10T20:40:11","cvss":4.4,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0268"],"products":["Prisma Access Agent"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-0269","summary":"A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.\n\n\n\nPanorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.","cvss":4.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.6,"epss":0.00016,"ranking_epss":0.03584,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0269"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:53","euvd":{"id":"EUVD-2026-36145","description":"A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. 
Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.\n\n\n\nPanorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.","published_time":"2026-06-10T20:54:29","cvss":4.6,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0269"],"products":["PAN-OS","PAN-OS","PAN-OS","PAN-OS"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2026-0270","summary":"A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.","cvss":4.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.8,"epss":0.0003,"ranking_epss":0.09107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2007-4559","https://security.paloaltonetworks.com/CVE-2026-0270"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:53","euvd":{"id":"EUVD-2026-36146","description":"A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.","published_time":"2026-06-10T20:59:00","cvss":4.8,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0270","https://nvd.nist.gov/vuln/detail/CVE-2007-4559"],"products":["Cortex XSOAR","Cortex XSOAR","Cortex XSOAR","Cortex XSOAR"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2022-48575","summary":"A person with access to a Mac may be able to bypass Login Window. 
A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.","cvss":3.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.5,"cvss_v4":null,"epss":7e-05,"ranking_epss":0.00644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/213257","https://support.apple.com/en-us/102871"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:52","euvd":{"id":"EUVD-2022-56002","description":"A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.","published_time":"2026-06-10T20:09:04","cvss":3.5,"cvss_version":"3.1","epss":0.0,"assigner":"apple","references":["https://support.apple.com/en-us/213257"],"products":["macOS Monterey"],"vendors":["Apple"]}},{"cve_id":"CVE-2026-0266","summary":"A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. \n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","cvss":1.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":1.1,"epss":0.00033,"ranking_epss":0.10262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.paloaltonetworks.com/CVE-2026-0266"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:52","euvd":{"id":"EUVD-2026-36134","description":"A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. 
\n\nThis issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).\n\nCloud NGFW and Prisma® Access are not affected by this vulnerability.","published_time":"2026-06-10T20:30:04","cvss":1.1,"cvss_version":"4.0","epss":0.0,"assigner":"palo_alto","references":["https://security.paloaltonetworks.com/CVE-2026-0266"],"products":["PAN-OS","PAN-OS","PAN-OS","PAN-OS"],"vendors":["Palo Alto Networks"]}},{"cve_id":"CVE-2022-26758","summary":"A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23247,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/213257","https://support.apple.com/en-us/102871"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T22:16:51","euvd":{"id":"EUVD-2022-56001","description":"A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.","published_time":"2026-06-10T20:09:03","cvss":7.1,"cvss_version":"3.1","epss":0.0,"assigner":"apple","references":["https://support.apple.com/en-us/213257"],"products":["macOS Monterey"],"vendors":["Apple"]}},{"cve_id":"CVE-2026-46683","summary":"Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. 
This issue has been patched in version 1.7.0.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00041,"ranking_epss":0.12796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/KnpLabs/snappy/releases/tag/v1.7.0","https://github.com/KnpLabs/snappy/security/advisories/GHSA-c5fp-p67m-gq56"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:17:29","euvd":{"id":"EUVD-2026-36112","description":"Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.","published_time":"2026-06-10T19:53:09","cvss":6.9,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/KnpLabs/snappy/security/advisories/GHSA-c5fp-p67m-gq56","https://github.com/KnpLabs/snappy/releases/tag/v1.7.0"],"products":["snappy"],"vendors":["KnpLabs"]}},{"cve_id":"CVE-2026-50127","summary":"Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. This issue has been patched in version 2026.6.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/WeblateOrg/weblate/pull/19768","https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.6","https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vmfc-9982-2m45"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:17:29","euvd":{"id":"EUVD-2026-36113","description":"Weblate is a web based localization tool. 
From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. This issue has been patched in version 2026.6.","published_time":"2026-06-10T19:56:37","cvss":5.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/WeblateOrg/weblate/security/advisories/GHSA-vmfc-9982-2m45","https://github.com/WeblateOrg/weblate/pull/19768","https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.6"],"products":["weblate"],"vendors":["WeblateOrg"]}},{"cve_id":"CVE-2026-6893","summary":"A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00156,"ranking_epss":0.36155,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-6893","https://bugzilla.redhat.com/show_bug.cgi?id=2459963"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:17:29","euvd":{"id":"EUVD-2026-36110","description":"A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. 
These options are improperly handled and written into temporary shell scripts without proper escaping, leading to command injection. This allows the attacker to achieve root code execution within the initramfs, potentially compromising the system's boot and network behavior.","published_time":"2026-06-10T19:49:27","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-6893","https://bugzilla.redhat.com/show_bug.cgi?id=2459963"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-46529","summary":"Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside a malicious PDF document. The PDF can be packaged as a polyglot file that is simultaneously a valid PDF and a valid ELF shared library, making the attack a single-file, single-click, configuration-independent RCE on stock atril installations. The root cause is `shell/ev-application.c:ev_spawn`, which builds a command line from attacker-controlled PDF link-destination fields without applying `g_shell_quote`. The cmdline is then handed to `g_app_info_create_from_commandline`, which shell-parses it back into argv — splitting any embedded `--gtk-module=PATH` into a separate argv element. GTK then `dlopen()`s the path during init, running any `__attribute__((constructor))` it finds. Versions 1.26.3 and 1.28.4 contain a patch for the issue. 
This is the same defect class as CVE-2023-51698 (CBT `--checkpoint-action` injection in `comics-document.c`, fixed in 1.6.2) but in a different code path (`shell/ev-application.c`) that the original patch did not touch.","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.4,"epss":0.00131,"ranking_epss":0.32234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/mate-desktop/atril/releases/tag/v1.26.3","https://github.com/mate-desktop/atril/releases/tag/v1.28.4","https://github.com/mate-desktop/atril/security/advisories/GHSA-vgv2-m826-8f6f","http://www.openwall.com/lists/oss-security/2026/05/19/34","http://www.openwall.com/lists/oss-security/2026/05/21/7","http://www.openwall.com/lists/oss-security/2026/05/22/11","https://lists.debian.org/debian-lts-announce/2026/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2026/05/msg00042.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:17:28","euvd":{"id":"EUVD-2026-36109","description":"Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside a malicious PDF document. The PDF can be packaged as a polyglot file that is simultaneously a valid PDF and a valid ELF shared library, making the attack a single-file, single-click, configuration-independent RCE on stock atril installations. The root cause is `shell/ev-application.c:ev_spawn`, which builds a command line from attacker-controlled PDF link-destination fields without applying `g_shell_quote`. The cmdline is then handed to `g_app_info_create_from_commandline`, which shell-parses it back into argv — splitting any embedded `--gtk-module=PATH` into a separate argv element. 
GTK then `dlopen()`s the path during init, running any `__attribute__((constructor))` it finds. Versions 1.26.3 and 1.28.4 contain a patch for the issue. This is the same defect class as CVE-2023-51698 (CBT `--checkpoint-action` injection in `comics-document.c`, fixed in 1.6.2) but in a different code path (`shell/ev-application.c`) that the original patch did not touch.","published_time":"2026-06-10T19:46:23","cvss":8.4,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/mate-desktop/atril/security/advisories/GHSA-vgv2-m826-8f6f","https://github.com/mate-desktop/atril/releases/tag/v1.26.3","https://github.com/mate-desktop/atril/releases/tag/v1.28.4"],"products":["atril","atril"],"vendors":["mate-desktop"]}},{"cve_id":"CVE-2026-46643","summary":"Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. is_executable() then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and $command always falls through to the raw, unescaped value. The rest of the arguments (options, input, output) are escaped correctly, so injection has to land in the binary string itself. That happens whenever the binary path is sourced from configuration that is user-influenced, derived from environment variables that ultimately come from request data, or concatenated with any user-controlled fragment. 
This issue has been patched in version 1.7.1.","cvss":7.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.5,"epss":0.00022,"ranking_epss":0.06508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/KnpLabs/snappy/releases/tag/v1.7.1","https://github.com/KnpLabs/snappy/security/advisories/GHSA-vpr4-p6fq-85jc","https://github.com/KnpLabs/snappy/security/advisories/GHSA-vpr4-p6fq-85jc"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:17:28","euvd":{"id":"EUVD-2026-36111","description":"Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. is_executable() then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and $command always falls through to the raw, unescaped value. The rest of the arguments (options, input, output) are escaped correctly, so injection has to land in the binary string itself. That happens whenever the binary path is sourced from configuration that is user-influenced, derived from environment variables that ultimately come from request data, or concatenated with any user-controlled fragment. This issue has been patched in version 1.7.1.","published_time":"2026-06-10T19:52:59","cvss":7.5,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/KnpLabs/snappy/security/advisories/GHSA-vpr4-p6fq-85jc","https://github.com/KnpLabs/snappy/releases/tag/v1.7.1"],"products":["snappy"],"vendors":["KnpLabs"]}},{"cve_id":"CVE-2026-45106","summary":"Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. 
Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. This issue has been patched in version 2026.5.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08646,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/WeblateOrg/weblate/pull/19422","https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.5","https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6wxc-8mgq-w26m"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:17:27","euvd":{"id":"EUVD-2026-36114","description":"Weblate is a web based localization tool. Prior to version 2026.5, Weblate's live search preview renders unit source and context as HTML without escaping. Any contributor whose content reaches those fields stores HTML and CSS that runs inside the authenticated editor of every user who runs a matching search. This issue has been patched in version 2026.5.","published_time":"2026-06-10T19:56:49","cvss":4.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/WeblateOrg/weblate/security/advisories/GHSA-6wxc-8mgq-w26m","https://github.com/WeblateOrg/weblate/pull/19422","https://github.com/WeblateOrg/weblate/releases/tag/weblate-2026.5"],"products":["weblate"],"vendors":["WeblateOrg"]}},{"cve_id":"CVE-2026-1220","summary":"Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. 
(Chromium security severity: High)","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19898,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/473851441","https://issues.chromium.org/issues/473851441"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T20:16:38","euvd":{"id":"EUVD-2026-36108","description":"Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. (Chromium security severity: High)","published_time":"2026-06-10T19:39:42","cvss":7.5,"cvss_version":"3.1","epss":0.0,"assigner":"Chrome","references":["https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_20.html","https://issues.chromium.org/issues/473851441"],"products":["Chrome"],"vendors":["Google"]}},{"cve_id":"CVE-2026-50637","summary":"Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections.\n\nThe statsd protocol (and extensions) allow multiple metrics, separated by newlines, to be sent per packet.\n\nThe send method does not validate the contents of the metric names or values. 
If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible.\n\nVersion 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes.","cvss":null,"cvss_version":null,"cvss_v2":null,"cvss_v3":null,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08309,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","https://www.cve.org/CVERecord?id=CVE-2026-46719","https://www.cve.org/CVERecord?id=CVE-2026-46720","https://www.cve.org/CVERecord?id=CVE-2026-46739"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T19:16:37","euvd":{"id":"EUVD-2026-36104","description":"Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections.\n\nThe statsd protocol (and extensions) allow multiple metrics, separated by newlines, to be sent per packet.\n\nThe send method does not validate the contents of the metric names or values. 
If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible.\n\nVersion 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes.","published_time":"2026-06-10T18:32:11","cvss":0.0,"cvss_version":null,"epss":0.0,"assigner":"CPANSec","references":["https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","https://www.cve.org/CVERecord?id=CVE-2026-46719","https://www.cve.org/CVERecord?id=CVE-2026-46720","https://www.cve.org/CVERecord?id=CVE-2026-46739"],"products":["Metrics::Any::Adapter::Statsd"],"vendors":["PEVANS"]}},{"cve_id":"CVE-2026-50638","summary":"Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl do not protect against metric injections.\n\nThe statsd protocol (and extensions such as dogstatsd) allow multiple metrics, separated by newlines, to be sent per packet.\n\nMetrics::Any::Adapter::DogStatsd extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability.\n\nIn addition, the _tags function does not check tags for newlines or statsd control characters. 
The tags can be used for metric injections.","cvss":null,"cvss_version":null,"cvss_v2":null,"cvss_v3":null,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","https://www.cve.org/CVERecord?id=CVE-2026-50637","https://www.cve.org/CVERecord?id=CVE-2026-9270"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T19:16:37","euvd":{"id":"EUVD-2026-36105","description":"Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl do not protect against metric injections.\n\nThe statsd protocol (and extensions such as dogstatsd) allow multiple metrics, separated by newlines, to be sent per packet.\n\nMetrics::Any::Adapter::DogStatsd extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability.\n\nIn addition, the _tags function does not check tags for newlines or statsd control characters. The tags can be used for metric injections.","published_time":"2026-06-10T18:32:21","cvss":0.0,"cvss_version":null,"epss":0.0,"assigner":"CPANSec","references":["https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","https://www.cve.org/CVERecord?id=CVE-2026-50637","https://www.cve.org/CVERecord?id=CVE-2026-9270"],"products":["Metrics::Any::Adapter::DogStatsd"],"vendors":["PEVANS"]}},{"cve_id":"CVE-2026-50639","summary":"Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl do not protect against metric injections.\n\nThe statsd protocol (and extensions such as dogstatsd) allow multiple metrics, separated by newlines, to be sent per packet.\n\nMetrics::Any::Adapter::SignalFx extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability.\n\nIn addition, the _labels function does not check labels for newlines or statsd control characters. 
The labels can be used for metric injections.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","https://www.cve.org/CVERecord?id=CVE-2026-50637","https://www.cve.org/CVERecord?id=CVE-2026-9270"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T19:16:37","euvd":{"id":"EUVD-2026-36106","description":"Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl do not protect against metric injections.\n\nThe statsd protocol (and extensions such as dogstatsd) allow multiple metrics, separated by newlines, to be sent per packet.\n\nMetrics::Any::Adapter::SignalFx extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability.\n\nIn addition, the _labels function does not check labels for newlines or statsd control characters. The labels can be used for metric injections.","published_time":"2026-06-10T18:32:30","cvss":6.5,"cvss_version":"3.1","epss":0.0,"assigner":"CPANSec","references":["https://metacpan.org/release/PEVANS/Metrics-Any-Adapter-Statsd-0.04/changes","https://www.cve.org/CVERecord?id=CVE-2026-50637","https://www.cve.org/CVERecord?id=CVE-2026-9270"],"products":["Metrics::Any::Adapter::SignalFx"],"vendors":["PEVANS"]}},{"cve_id":"CVE-2026-11626","summary":"CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to a Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative 
control.","cvss":5.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.4,"epss":0.00013,"ranking_epss":0.02217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37625"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T19:16:33","euvd":{"id":"EUVD-2026-36107","description":"CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to a Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control.","published_time":"2026-06-10T18:47:21","cvss":5.4,"cvss_version":"4.0","epss":0.0,"assigner":"symantec","references":["https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37625"],"products":["Symantec Endpoint Protection CleanWipe Removal Tool"],"vendors":["Broadcom"]}},{"cve_id":"CVE-2026-10740","summary":"Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets.\n\n\n\nTo remediate this issue, users should upgrade to v1.8.2.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":6.9,"epss":0.00037,"ranking_epss":0.11297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://aws.amazon.com/security/security-bulletins/2026-042-aws/","https://github.com/aws/s2n-quic/releases/tag/v1.82.0","https://github.com/aws/s2n-quic/security/advisories/GHSA-9q54-f358-3fqf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T19:16:32","euvd":{"id":"EUVD-2026-36103","description":"Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated 
remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets.\n\n\n\nTo remediate this issue, users should upgrade to v1.8.2.","published_time":"2026-06-10T18:09:36","cvss":6.9,"cvss_version":"4.0","epss":0.0,"assigner":"AMZN","references":["https://github.com/aws/s2n-quic/releases/tag/v1.82.0","https://aws.amazon.com/security/security-bulletins/2026-042-aws/","https://github.com/aws/s2n-quic/security/advisories/GHSA-9q54-f358-3fqf"],"products":["s2n-quic"],"vendors":["aws"]}},{"cve_id":"CVE-2026-9151","summary":"An OS\ncommand injection vulnerability exists in the VPN module of TP-Link Archer AX12\nv1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an\nadjacent, authenticated attacker to execute arbitrary commands on the device by\nimporting a specially crafted VPN client configuration file. The issue stems\nfrom improper filtering of special characters. \n\n\n\n\n\nSuccessful\nexploitation of this vulnerability may enable an attacker to gain full control\nof the affected device, potentially compromising configuration integrity,\nnetwork security, and service availability.","cvss":8.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.5,"epss":0.00368,"ranking_epss":0.5917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.tp-link.com/en/support/download/archer-ax12/#Firmware","https://www.tp-link.com/en/support/download/archer-ax17/#Firmware","https://www.tp-link.com/en/support/download/archer-ax18/#Firmware","https://www.tp-link.com/us/support/download/archer-ax1300/#Firmware","https://www.tp-link.com/us/support/faq/5125/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:15","euvd":{"id":"EUVD-2026-36078","description":"An OS\ncommand injection vulnerability exists in the VPN module of TP-Link Archer AX12\nv1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. 
This vulnerability allows an\nadjacent, authenticated attacker to execute arbitrary commands on the device by\nimporting a specially crafted VPN client configuration file. The issue stems\nfrom improper filtering of special characters. \n\n\n\n\n\nSuccessful\nexploitation of this vulnerability may enable an attacker to gain full control\nof the affected device, potentially compromising configuration integrity,\nnetwork security, and service availability.","published_time":"2026-06-10T17:10:10","cvss":8.5,"cvss_version":"4.0","epss":0.0,"assigner":"TPLink","references":["https://www.tp-link.com/en/support/download/archer-ax17/#Firmware","https://www.tp-link.com/en/support/download/archer-ax12/#Firmware","https://www.tp-link.com/en/support/download/archer-ax18/#Firmware","https://www.tp-link.com/us/support/download/archer-ax1300/#Firmware","https://www.tp-link.com/us/support/faq/5125/"],"products":["Archer AX1300 v1.6","Archer AX18 v1","Archer AX17 v1","Archer AX12 V1"],"vendors":["TP-Link Systems Inc.","TP Link Systems Inc."]}},{"cve_id":"CVE-2026-50566","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor's high-privilege service account — enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. 
This issue has been patched in version 1.24.0.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3406","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-m63v-2g9w-2w6v","https://github.com/fission/fission/security/advisories/GHSA-m63v-2g9w-2w6v"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:13","euvd":{"id":"EUVD-2026-36102","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor's high-privilege service account — enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:29:35","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-m63v-2g9w-2w6v","https://github.com/fission/fission/pull/3406","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50567","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result without checking whether the resolved path stayed under the destination. 
A zip entry named ../../tmp/evil therefore landed at /tmp/evil. An attacker who could control a Package.Spec.Source.URL or Deployment.URL archive could induce the fetcher (running as the per-environment pod's fission-fetcher sidecar) to write files anywhere that process could reach: into other tenants' /packages/<ns>/ directories, into mounted secret/config volumes, or into the fetcher's own binary. This issue has been patched in version 1.25.0.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00035,"ranking_epss":0.1069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3444","https://github.com/fission/fission/releases/tag/v1.25.0","https://github.com/fission/fission/security/advisories/GHSA-q6vm-xqc9-v3ff"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:13","euvd":{"id":"EUVD-2026-36071","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result without checking whether the resolved path stayed under the destination. A zip entry named ../../tmp/evil therefore landed at /tmp/evil. An attacker who could control a Package.Spec.Source.URL or Deployment.URL archive could induce the fetcher (running as the per-environment pod's fission-fetcher sidecar) to write files anywhere that process could reach: into other tenants' /packages/<ns>/ directories, into mounted secret/config volumes, or into the fetcher's own binary. 
This issue has been patched in version 1.25.0.","published_time":"2026-06-10T17:30:45","cvss":7.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-q6vm-xqc9-v3ff","https://github.com/fission/fission/pull/3444","https://github.com/fission/fission/releases/tag/v1.25.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50568","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefix(path, safedir). This is a lexical check, not a directory boundary check: /packages-extra/evil starts with /packages, so it passed. The function did not enforce a path-separator boundary, so any sibling directory whose name began with the safe-directory string was accepted. Callers included the builder's Clean handler (pkg/builder/builder.go:208) and the fetcher's Fetch / Upload handlers (pkg/fetcher/fetcher.go). A tenant who could pre-create or control a sibling directory under the fetcher / builder's shared volume could induce a write or read outside the intended safe directory. 
This issue has been patched in version 1.25.0.","cvss":3.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.6,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01769,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3445","https://github.com/fission/fission/pull/3446","https://github.com/fission/fission/releases/tag/v1.25.0","https://github.com/fission/fission/security/advisories/GHSA-r5jh-q2mw-gcx4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:13","euvd":{"id":"EUVD-2026-36072","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefix(path, safedir). This is a lexical check, not a directory boundary check: /packages-extra/evil starts with /packages, so it passed. The function did not enforce a path-separator boundary, so any sibling directory whose name began with the safe-directory string was accepted. Callers included the builder's Clean handler (pkg/builder/builder.go:208) and the fetcher's Fetch / Upload handlers (pkg/fetcher/fetcher.go). A tenant who could pre-create or control a sibling directory under the fetcher / builder's shared volume could induce a write or read outside the intended safe directory. 
This issue has been patched in version 1.25.0.","published_time":"2026-06-10T17:31:49","cvss":3.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-r5jh-q2mw-gcx4","https://github.com/fission/fission/pull/3445","https://github.com/fission/fission/pull/3446","https://github.com/fission/fission/releases/tag/v1.25.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50569","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeURL and Prefix. Those two fields were validated at the CLI level only (pkg/fission-cli/cmd/httptrigger/create.go:83). The post-CRD-modernization webhook for HTTPTrigger was retired in favor of API-server CEL — and CEL had no rules on those fields either — so an HTTPTrigger created via kubectl apply or a direct Kubernetes REST API call bypassed every URL-level check. This issue has been patched in version 1.25.0.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3464","https://github.com/fission/fission/releases/tag/v1.25.0","https://github.com/fission/fission/security/advisories/GHSA-vchh-r53j-8mpw"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:13","euvd":{"id":"EUVD-2026-36073","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. 
Prior to version 1.25.0, HTTPTriggerSpec.Validate() validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeURL and Prefix. Those two fields were validated at the CLI level only (pkg/fission-cli/cmd/httptrigger/create.go:83). The post-CRD-modernization webhook for HTTPTrigger was retired in favor of API-server CEL — and CEL had no rules on those fields either — so an HTTPTrigger created via kubectl apply or a direct Kubernetes REST API call bypassed every URL-level check. This issue has been patched in version 1.25.0.","published_time":"2026-06-10T17:34:00","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-vchh-r53j-8mpw","https://github.com/fission/fission/pull/3464","https://github.com/fission/fission/releases/tag/v1.25.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50570","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSafety admission webhook + sanitizeContainerSecurityContext executor merge layer), but the capability check was implemented as a fixed denylist of six Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The denylist omitted CAP_SYS_TIME, among others. As a result, a tenant who could create a Function or Environment CRD could request securityContext.capabilities.add: [\"SYS_TIME\"], pass Fission's admission validation and merge-layer sanitization, and run attacker-controlled code with CAP_SYS_TIME in the resulting function or runtime container. 
This issue has been patched in version 1.25.0.","cvss":8.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10318,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3465","https://github.com/fission/fission/releases/tag/v1.25.0","https://github.com/fission/fission/security/advisories/GHSA-qf5v-m7p4-95rp"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:13","euvd":{"id":"EUVD-2026-36074","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSafety admission webhook + sanitizeContainerSecurityContext executor merge layer), but the capability check was implemented as a fixed denylist of six Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The denylist omitted CAP_SYS_TIME, among others. As a result, a tenant who could create a Function or Environment CRD could request securityContext.capabilities.add: [\"SYS_TIME\"], pass Fission's admission validation and merge-layer sanitization, and run attacker-controlled code with CAP_SYS_TIME in the resulting function or runtime container. 
This issue has been patched in version 1.25.0.","published_time":"2026-06-10T17:34:14","cvss":8.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-qf5v-m7p4-95rp","https://github.com/fission/fission/pull/3465","https://github.com/fission/fission/releases/tag/v1.25.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50545","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00062,"ranking_epss":0.19521,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3390","https://github.com/fission/fission/pull/3391","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:12","euvd":{"id":"EUVD-2026-36098","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. 
This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:26:20","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-wmgg-3p4h-48x7","https://github.com/fission/fission/pull/3390","https://github.com/fission/fission/pull/3391","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50563","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. This issue has been patched in version 1.24.0.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3391","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:12","euvd":{"id":"EUVD-2026-36099","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user's container image. 
This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:27:18","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-v455-mv2v-5g92","https://github.com/fission/fission/pull/3391","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50564","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields. This issue has been patched in version 1.24.0.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3391","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:12","euvd":{"id":"EUVD-2026-36100","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. 
The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podspec with no filtering, and Environment.Validate performed no security-relevant checks on these fields. This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:27:34","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-gx55-f84r-v3r7","https://github.com/fission/fission/pull/3391","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-50565","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. This issue has been patched in version 1.24.0.","cvss":4.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3390","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:12","euvd":{"id":"EUVD-2026-36101","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. 
Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:28:27","cvss":4.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q","https://github.com/fission/fission/pull/3390","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-49821","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. This issue has been patched in version 1.24.0.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3379","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-vjhc-cf4p-72q4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:10","euvd":{"id":"EUVD-2026-36094","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. 
This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:21:48","cvss":7.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-vjhc-cf4p-72q4","https://github.com/fission/fission/pull/3379","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-49822","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace. This issue has been patched in version 1.24.0.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3379","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-gc3j-79f2-7vvw"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:10","euvd":{"id":"EUVD-2026-36095","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace. 
This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:22:08","cvss":7.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-gc3j-79f2-7vvw","https://github.com/fission/fission/pull/3379","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-49823","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. This issue has been patched in version 1.24.0.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3389","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-3r8v-2xmj-5c39"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:10","euvd":{"id":"EUVD-2026-36096","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. 
This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:23:23","cvss":7.7,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-3r8v-2xmj-5c39","https://github.com/fission/fission/pull/3389","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-49824","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook (pkg/webhook/function.go) validated that spec.secrets[].namespace and spec.configmaps[].namespace equalled the function's own namespace but performed no equivalent check on spec.environment.namespace. This issue has been patched in version 1.24.0.","cvss":8.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3389","https://github.com/fission/fission/releases/tag/v1.24.0","https://github.com/fission/fission/security/advisories/GHSA-cvw6-gfvv-953q"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:10","euvd":{"id":"EUVD-2026-36097","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook (pkg/webhook/function.go) validated that spec.secrets[].namespace and spec.configmaps[].namespace equalled the function's own namespace but performed no equivalent check on spec.environment.namespace. 
This issue has been patched in version 1.24.0.","published_time":"2026-06-10T17:25:51","cvss":8.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-cvw6-gfvv-953q","https://github.com/fission/fission/pull/3389","https://github.com/fission/fission/releases/tag/v1.24.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-48556","summary":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.","cvss":null,"cvss_version":null,"cvss_v2":null,"cvss_v3":null,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":[],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:08","euvd":null},{"cve_id":"CVE-2026-46642","summary":"draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer (which works correctly on the rendering path) but in a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element's innerHTML without sanitization. Browsers fire onerror for failed image loads even on detached elements, so an <img src=x onerror=...> payload in any cell label triggers script execution as soon as the cell is selected — which import does automatically. 
This issue has been patched in version 29.7.12.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.11173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/jgraph/drawio/releases/tag/v29.7.12","https://github.com/jgraph/drawio/security/advisories/GHSA-fqhg-287p-c6vf","https://github.com/jgraph/drawio/security/advisories/GHSA-fqhg-287p-c6vf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:06","euvd":{"id":"EUVD-2026-36077","description":"draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer (which works correctly on the rendering path) but in a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element's innerHTML without sanitization. Browsers fire onerror for failed image loads even on detached elements, so an <img src=x onerror=...> payload in any cell label triggers script execution as soon as the cell is selected — which import does automatically. This issue has been patched in version 29.7.12.","published_time":"2026-06-10T17:42:02","cvss":6.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/jgraph/drawio/security/advisories/GHSA-fqhg-287p-c6vf","https://github.com/jgraph/drawio/releases/tag/v29.7.12"],"products":["drawio"],"vendors":["jgraph"]}},{"cve_id":"CVE-2026-46612","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. 
Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers (/v1/archive GET / POST / DELETE and /v1/archives list) directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in the same Kubernetes cluster — could enumerate archive IDs, download archives belonging to other tenants, upload arbitrary archive content, and delete archives. This issue has been patched in version 1.23.0.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.22059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3365","https://github.com/fission/fission/pull/3368","https://github.com/fission/fission/releases/tag/v1.23.0","https://github.com/fission/fission/security/advisories/GHSA-chf8-4hv6-8pg6"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:05","euvd":{"id":"EUVD-2026-36091","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers (/v1/archive GET / POST / DELETE and /v1/archives list) directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in the same Kubernetes cluster — could enumerate archive IDs, download archives belonging to other tenants, upload arbitrary archive content, and delete archives. 
This issue has been patched in version 1.23.0.","published_time":"2026-06-10T17:19:38","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-chf8-4hv6-8pg6","https://github.com/fission/fission/pull/3365","https://github.com/fission/fission/pull/3368","https://github.com/fission/fission/releases/tag/v1.23.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-46614","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/<name> and /fission-function/<ns>/<name> — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers (svc/router, port 8888), so any caller who could reach the router could invoke any function by guessing its metadata.name (and namespace), bypassing the host / path / method / method-allow-list restrictions encoded in HTTPTrigger objects. This issue has been patched in version 1.23.0.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.13339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3365","https://github.com/fission/fission/pull/3369","https://github.com/fission/fission/releases/tag/v1.23.0","https://github.com/fission/fission/security/advisories/GHSA-3g33-6vg6-27m8"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:05","euvd":{"id":"EUVD-2026-36090","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. 
Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/<name> and /fission-function/<ns>/<name> — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers (svc/router, port 8888), so any caller who could reach the router could invoke any function by guessing its metadata.name (and namespace), bypassing the host / path / method / method-allow-list restrictions encoded in HTTPTrigger objects. This issue has been patched in version 1.23.0.","published_time":"2026-06-10T17:19:21","cvss":9.8,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-3g33-6vg6-27m8","https://github.com/fission/fission/pull/3365","https://github.com/fission/fission/pull/3369","https://github.com/fission/fission/releases/tag/v1.23.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-46617","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reachable from inside the user's function container at /var/run/secrets/kubernetes.io/serviceaccount/token, so user-supplied function code inherited the same Kubernetes API privileges and could read any secret or configmap in the function's namespace — far beyond the Function.spec.secrets allowlist that the function specification suggests. 
This issue has been patched in version 1.23.0.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00039,"ranking_epss":0.11925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3366","https://github.com/fission/fission/releases/tag/v1.23.0","https://github.com/fission/fission/security/advisories/GHSA-85g2-pmrx-r49q"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:05","euvd":{"id":"EUVD-2026-36092","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod's automounted token was reachable from inside the user's function container at /var/run/secrets/kubernetes.io/serviceaccount/token, so user-supplied function code inherited the same Kubernetes API privileges and could read any secret or configmap in the function's namespace — far beyond the Function.spec.secrets allowlist that the function specification suggests. This issue has been patched in version 1.23.0.","published_time":"2026-06-10T17:20:10","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-85g2-pmrx-r49q","https://github.com/fission/fission/pull/3366","https://github.com/fission/fission/releases/tag/v1.23.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-46618","summary":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. 
Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command(...) after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace observed by the buildermgr could thereby point the builder pod at any executable inside the builder image (e.g. /bin/sh -c '...') and execute arbitrary code in the builder pod context. This issue has been patched in version 1.23.0.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00065,"ranking_epss":0.20423,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/fission/fission/pull/3364","https://github.com/fission/fission/releases/tag/v1.23.0","https://github.com/fission/fission/security/advisories/GHSA-7pjr-qpvh-m339"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:17:05","euvd":{"id":"EUVD-2026-36093","description":"Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command(...) after a strings.Fields split, with no validation of the executable path or its arguments. A user who could create or update Environment CRDs in a namespace observed by the buildermgr could thereby point the builder pod at any executable inside the builder image (e.g. /bin/sh -c '...') and execute arbitrary code in the builder pod context. 
This issue has been patched in version 1.23.0.","published_time":"2026-06-10T17:20:53","cvss":6.9,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/fission/fission/security/advisories/GHSA-7pjr-qpvh-m339","https://github.com/fission/fission/pull/3364","https://github.com/fission/fission/releases/tag/v1.23.0"],"products":["fission"],"vendors":["fission"]}},{"cve_id":"CVE-2026-45062","summary":"FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a non-.php file as a .php script. In any deployment where the attacker can place content into a file served by FrankenPHP (uploads, file storage, etc.), this can be escalated to remote code execution by crafting a URL whose path triggers either flaw. This issue has been patched in version 1.12.3.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/php/frankenphp/releases/tag/v1.12.3","https://github.com/php/frankenphp/security/advisories/GHSA-3g8v-8r37-cgjm","https://github.com/php/frankenphp/security/advisories/GHSA-3g8v-8r37-cgjm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:57","euvd":{"id":"EUVD-2026-36075","description":"FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos() function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead FrankenPHP into treating a non-.php file as a .php script. 
In any deployment where the attacker can place content into a file served by FrankenPHP (uploads, file storage, etc.), this can be escalated to remote code execution by crafting a URL whose path triggers either flaw. This issue has been patched in version 1.12.3.","published_time":"2026-06-10T17:38:42","cvss":8.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/php/frankenphp/security/advisories/GHSA-3g8v-8r37-cgjm","https://github.com/php/frankenphp/releases/tag/v1.12.3"],"products":["frankenphp"],"vendors":["PHP"]}},{"cve_id":"CVE-2026-20255","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.14351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0605"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:41","euvd":{"id":"EUVD-2026-36083","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  
\n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.","published_time":"2026-06-10T17:16:00","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0605"],"products":["Splunk Cloud Platform","Splunk Enterprise","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Cloud Platform","Splunk Cloud Platform"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20256","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.<br><br>The vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. 
Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.14351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0606"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:41","euvd":{"id":"EUVD-2026-36080","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.<br><br>The vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. 
Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim.","published_time":"2026-06-10T17:15:55","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0606"],"products":["Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20257","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. 
The low-privileged user should not be able to exploit the vulnerability at will.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.14351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0607"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:41","euvd":{"id":"EUVD-2026-36085","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. 
The low-privileged user should not be able to exploit the vulnerability at will.","published_time":"2026-06-10T17:16:03","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0607"],"products":["Splunk Cloud Platform","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise","Splunk Cloud Platform"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20258","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12816,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0608"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:41","euvd":{"id":"EUVD-2026-36089","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  
\n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.","published_time":"2026-06-10T17:16:23","cvss":7.1,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0608"],"products":["Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Cloud Platform"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20259","summary":"In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07817,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0609"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:41","euvd":{"id":"EUVD-2026-36084","description":"In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. 
The ownership reassignment endpoint lacks access control.","published_time":"2026-06-10T17:16:02","cvss":5.5,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0609"],"products":["Splunk Enterprise","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Enterprise"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20260","summary":"In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00098,"ranking_epss":0.26989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0611"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:41","euvd":{"id":"EUVD-2026-36087","description":"In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application 
logs.","published_time":"2026-06-10T17:16:20","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0611"],"products":["Splunk SOAR"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-11596","summary":"In ScreenConnect™ versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens.","cvss":4.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.7,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.16071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:40","euvd":{"id":"EUVD-2026-36079","description":"In ScreenConnect™ versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens.","published_time":"2026-06-10T17:15:07","cvss":4.7,"cvss_version":"3.1","epss":0.0,"assigner":"ConnectWise","references":["https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596"],"products":["ScreenConnect"],"vendors":["ConnectWise"]}},{"cve_id":"CVE-2026-20251","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible 
because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00366,"ranking_epss":0.58985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0601"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:40","euvd":{"id":"EUVD-2026-36082","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation.","published_time":"2026-06-10T17:16:00","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0601"],"products":["Splunk Enterprise","Splunk Cloud Platform","Splunk Enterprise","Splunk Cloud Platform","Splunk Secure Gateway","Splunk Cloud Platform","Splunk Secure Gateway","Splunk Secure Gateway","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20252","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a 
low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0602"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:40","euvd":{"id":"EUVD-2026-36086","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  
\n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.","published_time":"2026-06-10T17:16:19","cvss":7.6,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0602"],"products":["Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Cloud Platform","Splunk Enterprise","Splunk Cloud Platform","Splunk Cloud Platform"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20253","summary":"In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0603"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:40","euvd":{"id":"EUVD-2026-36088","description":"In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.<br><br>The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without 
credentials.","published_time":"2026-06-10T17:16:21","cvss":9.8,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0603"],"products":["Splunk Cloud Platform","Splunk Enterprise","Splunk Cloud Platform","Splunk Enterprise"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-20254","summary":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00045,"ranking_epss":0.14159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://advisory.splunk.com/advisories/SVD-2026-0604"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:40","euvd":{"id":"EUVD-2026-36081","description":"In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, 
which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.","published_time":"2026-06-10T17:15:59","cvss":5.7,"cvss_version":"3.1","epss":0.0,"assigner":"cisco","references":["https://advisory.splunk.com/advisories/SVD-2026-0604"],"products":["Splunk Cloud Platform","Splunk Cloud Platform","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Enterprise","Splunk Cloud Platform","Splunk Cloud Platform"],"vendors":["Splunk"]}},{"cve_id":"CVE-2026-11417","summary":"OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (externalModules, define, loader, inject, or esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via injected shell metacharacters. This issue requires the threat actor to control the value of one or more of the affected bundling properties in the CDK application.\n\n\n\nTo remediate this issue, users should upgrade to aws-cdk-lib 2.245.0 (2.246.0 on Windows) or later.","cvss":7.0,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":7.0,"epss":0.00033,"ranking_epss":0.10296,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://aws.amazon.com/security/security-bulletins/2026-041-aws/","https://github.com/aws/aws-cdk/releases/tag/v2.245.0","https://github.com/aws/aws-cdk/security/advisories/GHSA-999r-qq7v-r334"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T18:16:39","euvd":{"id":"EUVD-2026-36076","description":"OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (externalModules, define, loader, inject, or esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via injected 
shell metacharacters. This issue requires the threat actor to control the value of one or more of the affected bundling properties in the CDK application.\n\n\n\nTo remediate this issue, users should upgrade to aws-cdk-lib 2.245.0 (2.246.0 on Windows) or later.","published_time":"2026-06-10T17:39:18","cvss":7.0,"cvss_version":"4.0","epss":0.0,"assigner":"AMZN","references":["https://github.com/aws/aws-cdk/releases/tag/v2.245.0","https://aws.amazon.com/security/security-bulletins/2026-041-aws/","https://github.com/aws/aws-cdk/security/advisories/GHSA-999r-qq7v-r334"],"products":["AWS Cloud Development Kit library"],"vendors":["aws"]}},{"cve_id":"CVE-2026-46609","summary":"Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-vr9v-27gg-qgx4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T17:16:37","euvd":{"id":"EUVD-2026-36070","description":"Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0.","published_time":"2026-06-10T15:59:03","cvss":4.6,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-vr9v-27gg-qgx4"],"products":["Umbraco-CMS"],"vendors":["umbraco"]}},{"cve_id":"CVE-2026-46616","summary":"Umbraco is an ASP.NET CMS. 
Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. This issue has been patched in versions 13.14.0 and 17.4.0.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.0797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/umbraco/Umbraco-CMS/pull/22561","https://github.com/umbraco/Umbraco-CMS/pull/22565","https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-2qjj-h6wp-c7h7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T17:16:37","euvd":{"id":"EUVD-2026-36069","description":"Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. 
This issue has been patched in versions 13.14.0 and 17.4.0.","published_time":"2026-06-10T15:56:46","cvss":5.4,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-2qjj-h6wp-c7h7","https://github.com/umbraco/Umbraco-CMS/pull/22561","https://github.com/umbraco/Umbraco-CMS/pull/22565"],"products":["Umbraco-CMS","Umbraco-CMS"],"vendors":["umbraco"]}},{"cve_id":"CVE-2026-53694","summary":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2.","cvss":7.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.3,"epss":0.00022,"ranking_epss":0.06453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://kb.nomachine.com/SU05X00274","https://kb.nomachine.com/SU05X00275"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:17","euvd":{"id":"EUVD-2026-36060","description":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2.","published_time":"2026-06-10T14:57:25","cvss":7.3,"cvss_version":"4.0","epss":0.0,"assigner":"CIRCL","references":["https://kb.nomachine.com/SU05X00274","https://kb.nomachine.com/SU05X00275"],"products":["NoMachine","NoMachine"],"vendors":["NoMachine"]}},{"cve_id":"CVE-2026-53698","summary":"Silverpeas through 6.4.6 mishandles the \"Personal space\" feature that is selected when no componentId is 
set.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.13357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L120-L122","https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L150-L153","https://github.com/Silverpeas/Silverpeas-Core/commit/caa6e6d1ac967ebd29b39e11c2ef5e7fd0047eec","https://tracker.silverpeas.org/issues/15229"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:17","euvd":{"id":"EUVD-2026-36068","description":"Silverpeas through 6.4.6 mishandles the \"Personal space\" feature that is selected when no componentId is set.","published_time":"2026-06-10T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0,"assigner":"mitre","references":["https://github.com/Silverpeas/Silverpeas-Core/commit/caa6e6d1ac967ebd29b39e11c2ef5e7fd0047eec","https://tracker.silverpeas.org/issues/15229","https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L120-L122","https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L150-L153"],"products":["Silverpeas"],"vendors":["Silverpeas"]}},{"cve_id":"CVE-2026-53693","summary":"A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS style values without context-appropriate escaping. 
The patch adds shared escaping helpers for HTML, attributes, JavaScript strings, and CSS color validation, then applies them across tag badges, tooltips, context menus, cluster cards, autocomplete suggestions, and dynamically inserted tag cards.\n\nAn attacker able to create or influence stored tag or metadata values could inject a crafted payload that is later rendered in another user’s browser. Successful exploitation could execute arbitrary JavaScript in the victim’s session when they view affected BSimVis pages, potentially allowing the attacker to perform actions as the victim, read data available to the victim, or alter displayed application content.\n\n\n\nThis issue affects MISP bsimvis: through v0.2.0.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00047,"ranking_epss":0.15025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/MISP/bsimvis/commit/7bcd2c2e27647dccdfb71877e905fbb032124a63"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:16","euvd":{"id":"EUVD-2026-36051","description":"A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS style values without context-appropriate escaping. The patch adds shared escaping helpers for HTML, attributes, JavaScript strings, and CSS color validation, then applies them across tag badges, tooltips, context menus, cluster cards, autocomplete suggestions, and dynamically inserted tag cards.\n\nAn attacker able to create or influence stored tag or metadata values could inject a crafted payload that is later rendered in another user’s browser. 
Successful exploitation could execute arbitrary JavaScript in the victim’s session when they view affected BSimVis pages, potentially allowing the attacker to perform actions as the victim, read data available to the victim, or alter displayed application content.\n\n\n\nThis issue affects MISP bsimvis: through v0.2.0.","published_time":"2026-06-10T14:34:58","cvss":6.9,"cvss_version":"4.0","epss":0.0,"assigner":"CIRCL","references":["https://github.com/MISP/bsimvis/commit/7bcd2c2e27647dccdfb71877e905fbb032124a63"],"products":["bsimvis"],"vendors":["MISP"]}},{"cve_id":"CVE-2026-48859","summary":"Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\n\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. 
This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\n\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\n\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.","cvss":6.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.3,"epss":0.00263,"ranking_epss":0.49977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-48859.html","https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf","https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4","https://osv.dev/vulnerability/EEF-CVE-2026-48859","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:12","euvd":{"id":"EUVD-2026-36054","description":"Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication.\n\nWhen the SSH daemon is configured with the user_passwords or password option, ssh_auth:check_password/3 performs a PBKDF2-SHA256 computation with 600,000 iterations (~300ms) for valid usernames, but returns immediately (~0ms) for invalid usernames via the ssh_options:get_password_option/2 path. 
This timing difference is detectable in a single authentication attempt and allows an unauthenticated attacker to distinguish valid from invalid usernames.\n\nThe user_passwords and password options are documented as intended for test purposes; the recommended alternative is pwdfun, which is not affected by this vulnerability.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_auth.erl and lib/ssh/src/ssh_options.erl.\n\nThis issue affects OTP from OTP 29.0 before 29.0.2 corresponding to ssh from 6.0 before 6.0.1.","published_time":"2026-06-10T14:35:43","cvss":6.3,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4","https://cna.erlef.org/cves/CVE-2026-48859.html","https://osv.dev/vulnerability/EEF-CVE-2026-48859","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf"],"products":["otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-48860","summary":"Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.\n\nThe inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. Because inet:sockname/1 returns the local socket address, both the local IP and the supposed peer IP resolve to the same value, causing the subnet mask comparison to always succeed regardless of the actual remote address. 
Any holder of a CA-signed TLS certificate can therefore bypass the LAN restriction and gain full Erlang distribution access to the node, including rpc:call/4 and code:load_binary/3.\n\nThis vulnerability is associated with program file lib/ssl/src/inet_tls_dist.erl.\n\nThis issue affects OTP from OTP 26.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to ssl from 11.0 before 11.7.2, 11.6.0.2 and 11.2.12.9.","cvss":7.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.5,"epss":0.00026,"ranking_epss":0.07716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-48860.html","https://github.com/erlang/otp/commit/0209a6df65d605552b378273027b3968b35f26b4","https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv","https://osv.dev/vulnerability/EEF-CVE-2026-48860","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:12","euvd":{"id":"EUVD-2026-36057","description":"Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist.\n\nThe inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. Because inet:sockname/1 returns the local socket address, both the local IP and the supposed peer IP resolve to the same value, causing the subnet mask comparison to always succeed regardless of the actual remote address. 
Any holder of a CA-signed TLS certificate can therefore bypass the LAN restriction and gain full Erlang distribution access to the node, including rpc:call/4 and code:load_binary/3.\n\nThis vulnerability is associated with program file lib/ssl/src/inet_tls_dist.erl.\n\nThis issue affects OTP from OTP 26.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to ssl from 11.0 before 11.7.2, 11.6.0.2 and 11.2.12.9.","published_time":"2026-06-10T14:35:49","cvss":7.5,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv","https://cna.erlef.org/cves/CVE-2026-48860.html","https://osv.dev/vulnerability/EEF-CVE-2026-48860","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/0209a6df65d605552b378273027b3968b35f26b4"],"products":["otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-49759","summary":"Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk.\n\nThe sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service.\n\nA crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. 
Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited.\n\nThis issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.","cvss":8.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.8,"epss":0.00096,"ranking_epss":0.26615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-49759.html","https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e","https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97","https://osv.dev/vulnerability/EEF-CVE-2026-49759","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:12","euvd":{"id":"EUVD-2026-36053","description":"Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk.\n\nThe sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_drv.c parses SCTP ERROR chunks and writes cause codes into a fixed-size stack-allocated ErlDrvTermData spec[] array without checking bounds. A remote attacker who has established an SCTP association to a listening port can send a single crafted SCTP ERROR chunk containing enough cause codes to overflow the stack buffer, crashing the VM. The attacker can only write 16-bit values interleaved with a fixed tag, so the overflow does not provide a controlled return address, limiting exploitation to Denial of Service.\n\nA crafted SCTP ERROR chunk may also leak bits and pieces of Erlang VM memory into the received error packet observed by the Erlang process. 
Such data is already readable by the user running the Erlang VM, so the disclosure scope is limited.\n\nThis issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erts from 6.0 before 15.2.7.9, 16.4.0.2 and 17.0.2.","published_time":"2026-06-10T14:35:38","cvss":8.8,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97","https://cna.erlef.org/cves/CVE-2026-49759.html","https://osv.dev/vulnerability/EEF-CVE-2026-49759","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e"],"products":["otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-49760","summary":"Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.\n\nThis vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term.\n\nThe C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. 
The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service.\n\nThe companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug.\n\nThis issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00014,"ranking_epss":0.0264,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-49760.html","https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111","https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j","https://osv.dev/vulnerability/EEF-CVE-2026-49760","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:12","euvd":{"id":"EUVD-2026-36052","description":"Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.\n\nThis vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term.\n\nThe C function ei_s_print_term uses an internal 2000-character stack buffer to format terms. When called with an encoded Erlang term containing a very large integer (encoded representation exceeding 2000 characters), the buffer overflows. 
The overflow bytes are restricted to the ASCII values of 0-9 and A-F, which limits exploitation to Denial of Service.\n\nThe companion function ei_print_term, which prints directly to a FILE instead of a memory buffer, does not contain this bug.\n\nThis issue affects OTP from OTP 17.0 before 27.3.4.13, 28.5.0.2 and 29.0.2, corresponding to erl_interface from 3.7.16 before 5.5.2.1, 5.7.0.1 and 5.8.1.","published_time":"2026-06-10T14:35:36","cvss":6.9,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j","https://cna.erlef.org/cves/CVE-2026-49760.html","https://osv.dev/vulnerability/EEF-CVE-2026-49760","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111"],"products":["otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-48858","summary":"Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address.\n\nThe ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet, ftp_extension=false) extracts the IP address from the server's 227 response and passes it directly to gen_tcp:connect/4 without validating it against the control connection peer address. The adjacent EPSV handlers correctly call peername(CSock) to derive the IP from the control connection, but the PASV handler does not. A malicious or compromised FTP server can redirect the client's data connection to an arbitrary internal host and port. On read operations (ftp:ls/1,2, ftp:nlist/1,2, ftp:recv/2,3), data from the redirected target is returned to the caller. On write operations (ftp:send/2,3, ftp:append/2,3), file content is sent to the redirected target. 
This enables SSRF against internal hosts, cloud metadata endpoints, and FTP bounce attacks against third-party hosts.\n\nThe vulnerable path is the default configuration (mode=passive, ipfamily=inet, ftp_extension=false). RFC 2577 section 3 explicitly recommends validating the PASV response IP against the control connection peer.\n\nThe ftp application is deprecated and scheduled for removal in OTP-30.\n\nThis vulnerability is associated with program files lib/inets/src/ftp/ftp_internal.erl (inets 5.10.4 through 6.5, OTP 17.4 through 20.3) and lib/ftp/src/ftp_internal.erl (ftp 1.0 and later, OTP 21.0 and later).\n\nThis issue affects OTP from OTP 17.4 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10.4 before 7.0 and ftp from 1.0 before 1.2.6, 1.2.4.1 and 1.2.3.1.","cvss":6.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.3,"epss":0.00049,"ranking_epss":0.15615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-48858.html","https://github.com/erlang/otp/commit/2691a806231ffd0490a8a9e20500dec0c7e73727","https://github.com/erlang/otp/commit/521bcfa24407ee8cb5614823cf905c37ea3aa605","https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq","https://osv.dev/vulnerability/EEF-CVE-2026-48858","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:11","euvd":{"id":"EUVD-2026-36055","description":"Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address.\n\nThe ftp_internal:handle_ctrl_result/2 PASV handler (mode=passive, ipfamily=inet, ftp_extension=false) extracts the IP address from the server's 227 response and passes it directly to gen_tcp:connect/4 without validating it against the control connection peer address. 
The adjacent EPSV handlers correctly call peername(CSock) to derive the IP from the control connection, but the PASV handler does not. A malicious or compromised FTP server can redirect the client's data connection to an arbitrary internal host and port. On read operations (ftp:ls/1,2, ftp:nlist/1,2, ftp:recv/2,3), data from the redirected target is returned to the caller. On write operations (ftp:send/2,3, ftp:append/2,3), file content is sent to the redirected target. This enables SSRF against internal hosts, cloud metadata endpoints, and FTP bounce attacks against third-party hosts.\n\nThe vulnerable path is the default configuration (mode=passive, ipfamily=inet, ftp_extension=false). RFC 2577 section 3 explicitly recommends validating the PASV response IP against the control connection peer.\n\nThe ftp application is deprecated and scheduled for removal in OTP-30.\n\nThis vulnerability is associated with program files lib/inets/src/ftp/ftp_internal.erl (inets 5.10.4 through 6.5, OTP 17.4 through 20.3) and lib/ftp/src/ftp_internal.erl (ftp 1.0 and later, OTP 21.0 and later).\n\nThis issue affects OTP from OTP 17.4 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10.4 before 7.0 and ftp from 1.0 before 1.2.6, 1.2.4.1 and 1.2.3.1.","published_time":"2026-06-10T14:35:45","cvss":6.3,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq","https://cna.erlef.org/cves/CVE-2026-48858.html","https://osv.dev/vulnerability/EEF-CVE-2026-48858","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/2691a806231ffd0490a8a9e20500dec0c7e73727","https://github.com/erlang/otp/commit/521bcfa24407ee8cb5614823cf905c37ea3aa605"],"products":["otp","otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-48856","summary":"Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded 
Sensitive Data.\n\nThe httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header record; all other fields (including authorization and proxy_authorization) are copied verbatim. The redirect target host is never compared against the original host.\n\nautoredirect defaults to true, so this affects all httpc callers that do not explicitly disable automatic redirects.\n\nAn attacker who controls a server that the victim contacts via httpc can issue a cross-origin 3xx redirect to a server they also control. The Authorization header (including Basic credentials derived from URL userinfo via httpc_request:handle_user_info/2) is forwarded to the redirect target, allowing credential theft. The same applies to the Proxy-Authorization header.\n\nThis vulnerability is associated with program files lib/inets/src/http_client/httpc_response.erl.\n\nThis issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.1,"epss":0.00044,"ranking_epss":0.13911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-48856.html","https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612","https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh","https://osv.dev/vulnerability/EEF-CVE-2026-48856","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:10","euvd":{"id":"EUVD-2026-36058","description":"Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.\n\nThe httpc client forwards the 
Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header record; all other fields (including authorization and proxy_authorization) are copied verbatim. The redirect target host is never compared against the original host.\n\nautoredirect defaults to true, so this affects all httpc callers that do not explicitly disable automatic redirects.\n\nAn attacker who controls a server that the victim contacts via httpc can issue a cross-origin 3xx redirect to a server they also control. The Authorization header (including Basic credentials derived from URL userinfo via httpc_request:handle_user_info/2) is forwarded to the redirect target, allowing credential theft. The same applies to the Proxy-Authorization header.\n\nThis vulnerability is associated with program files lib/inets/src/http_client/httpc_response.erl.\n\nThis issue affects OTP from 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to inets from 5.10 before 9.7.1, 9.6.2.2 and 9.3.2.6.","published_time":"2026-06-10T14:41:51","cvss":7.1,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh","https://cna.erlef.org/cves/CVE-2026-48856.html","https://osv.dev/vulnerability/EEF-CVE-2026-48856","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612"],"products":["otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-46558","summary":"Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. 
This issue has been patched in version 1.3.1.","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/makeplane/plane/releases/tag/v1.3.1","https://github.com/makeplane/plane/security/advisories/GHSA-qw87-v5w3-6vxx","https://github.com/makeplane/plane/security/advisories/GHSA-qw87-v5w3-6vxx"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:09","euvd":{"id":"EUVD-2026-36066","description":"Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1.","published_time":"2026-06-10T15:42:06","cvss":8.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/makeplane/plane/security/advisories/GHSA-qw87-v5w3-6vxx","https://github.com/makeplane/plane/releases/tag/v1.3.1"],"products":["plane"],"vendors":["makeplane"]}},{"cve_id":"CVE-2026-48096","summary":"OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. 
This issue has been patched in version 1.16.0.","cvss":5.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/openfga/openfga/releases/tag/v1.16.0","https://github.com/openfga/openfga/security/advisories/GHSA-8396-jffm-qx4w"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:09","euvd":{"id":"EUVD-2026-36061","description":"OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in version 1.16.0.","published_time":"2026-06-10T15:09:59","cvss":5.0,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/openfga/openfga/security/advisories/GHSA-8396-jffm-qx4w","https://github.com/openfga/openfga/releases/tag/v1.16.0"],"products":["openfga"],"vendors":["openfga"]}},{"cve_id":"CVE-2026-48855","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery.\n\nThe SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chroot_filename/2 to strip the backend root prefix. An authenticated SFTP client can create a symlink inside the chroot pointing to /; ssh_sftpd resolves the target to the absolute backend root and stores it on disk. Reading the symlink back via SSH_FXP_READLINK returns that absolute path, for example /data/sftp, instead of the chrooted value /.\n\nThe information disclosed is the absolute filesystem path of the SFTP root directory and of any symlink targets within it. 
No file contents, credentials, or access to paths outside the root directory are obtainable through this issue alone.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to ssh from 3.0.1 before 6.0.1, 5.5.2.1 and 5.2.11.8.","cvss":2.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":2.3,"epss":0.00045,"ranking_epss":0.1424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cna.erlef.org/cves/CVE-2026-48855.html","https://github.com/erlang/otp/commit/8f4224a0d2676b0653d2c71a889a956e8c2c62d6","https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh","https://osv.dev/vulnerability/EEF-CVE-2026-48855","https://www.erlang.org/doc/system/versions.html#order-of-versions"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:09","euvd":{"id":"EUVD-2026-36056","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery.\n\nThe SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chroot_filename/2 to strip the backend root prefix. An authenticated SFTP client can create a symlink inside the chroot pointing to /; ssh_sftpd resolves the target to the absolute backend root and stores it on disk. Reading the symlink back via SSH_FXP_READLINK returns that absolute path, for example /data/sftp, instead of the chrooted value /.\n\nThe information disclosed is the absolute filesystem path of the SFTP root directory and of any symlink targets within it. 
No file contents, credentials, or access to paths outside the root directory are obtainable through this issue alone.\n\nThis vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl.\n\nThis issue affects OTP from OTP 17.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to ssh from 3.0.1 before 6.0.1, 5.5.2.1 and 5.2.11.8.","published_time":"2026-06-10T14:35:49","cvss":2.3,"cvss_version":"4.0","epss":0.0,"assigner":"EEF","references":["https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh","https://cna.erlef.org/cves/CVE-2026-48855.html","https://osv.dev/vulnerability/EEF-CVE-2026-48855","https://www.erlang.org/doc/system/versions.html#order-of-versions","https://github.com/erlang/otp/commit/8f4224a0d2676b0653d2c71a889a956e8c2c62d6"],"products":["otp","otp","otp"],"vendors":["erlang"]}},{"cve_id":"CVE-2026-45569","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, commit d4d10006 (\"Expand validation to block .. in config_file_name and configver for improved security\") added a line in app/modules/config/config.py:462. This is tuple-membership, not substring containment — '..' in (a, b, c) evaluates to True only if any of a, b, c is equal to the literal string '..'. For any realistic path-traversal payload (../../etc/passwd, ..\\\\..\\\\etc\\\\passwd, etc.) the check returns False and the patch silently lets the payload through. 
At time of publication, there are no publicly available patches.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/commit/d4d10006","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-j6p4-8532-h9hv","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-j6p4-8532-h9hv"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:08","euvd":{"id":"EUVD-2026-36065","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, commit d4d10006 (\"Expand validation to block .. in config_file_name and configver for improved security\") added a line in app/modules/config/config.py:462. This is tuple-membership, not substring containment — '..' in (a, b, c) evaluates to True only if any of a, b, c is equal to the literal string '..'. For any realistic path-traversal payload (../../etc/passwd, ..\\\\..\\\\etc\\\\passwd, etc.) the check returns False and the patch silently lets the payload through. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T15:38:17","cvss":8.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-j6p4-8532-h9hv","https://github.com/roxy-wi/roxy-wi/commit/d4d10006"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-46497","summary":"Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. 
This issue has been patched in version 1.7.0.","cvss":2.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":2.3,"epss":0.00041,"ranking_epss":0.12796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/apify/crawlee-python/releases/tag/v1.7.0","https://github.com/apify/crawlee-python/security/advisories/GHSA-3r75-xc34-5f44"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:08","euvd":{"id":"EUVD-2026-36067","description":"Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.","published_time":"2026-06-10T15:51:15","cvss":2.3,"cvss_version":"4.0","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/apify/crawlee-python/security/advisories/GHSA-3r75-xc34-5f44","https://github.com/apify/crawlee-python/releases/tag/v1.7.0"],"products":["crawlee-python"],"vendors":["apify"]}},{"cve_id":"CVE-2026-45565","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its if/elif/elif/else flow returns the metacharacter-stripped value without also enforcing the .. block. An attacker who appends a single ;, &, |, $, or backtick to a .. payload routes the value through the strip arm, where .. survives unblocked and the result is not shlex.quote()'d either. 
At time of publication, there are no publicly available patches.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18879,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-7qm8-cm8p-9rx3","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-7qm8-cm8p-9rx3"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:07","euvd":{"id":"EUVD-2026-36062","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its if/elif/elif/else flow returns the metacharacter-stripped value without also enforcing the .. block. An attacker who appends a single ;, &, |, $, or backtick to a .. payload routes the value through the strip arm, where .. survives unblocked and the result is not shlex.quote()'d either. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T15:34:15","cvss":8.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-7qm8-cm8p-9rx3"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45566","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://{request.host}{next_url} and the JS client redirects via window.location.replace(). The block does not consider the userinfo@host syntax. next=@evil.example/path produces https://victim.example@evil.example/path, which all modern browsers route to evil.example. 
At time of publication, there are no publicly available patches.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-xw9x-68gg-mp5h","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-xw9x-68gg-mp5h"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:07","euvd":{"id":"EUVD-2026-36063","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://{request.host}{next_url} and the JS client redirects via window.location.replace(). The block does not consider the userinfo@host syntax. next=@evil.example/path produces https://victim.example@evil.example/path, which all modern browsers route to evil.example. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T15:36:10","cvss":6.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-xw9x-68gg-mp5h"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45567","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. 
At time of publication, there are no publicly available patches.","cvss":8.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.3,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.15355,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-4fcm-qgg8-w2vf","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-4fcm-qgg8-w2vf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:17:07","euvd":{"id":"EUVD-2026-36064","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T15:37:35","cvss":8.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-4fcm-qgg8-w2vf"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-25700","summary":"Improper Restriction of Security Token Assignment vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 2.0.0.\n\nPreviously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired.\nUsers are recommended to upgrade to version 2.0.1, which fixes the issue.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.11097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://lists.apache.org/thread/ftw52mlxknjm29vo1mnqovj53z2kh96y"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T16:16:58","euvd":{"id":"EUVD-2026-36059","description":"Improper Restriction of Security Token Assignment vulnerability in Apache Answer.\n\nThis 
issue affects Apache Answer: through 2.0.0.\n\nPreviously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired.\nUsers are recommended to upgrade to version 2.0.1, which fixes the issue.","published_time":"2026-06-10T14:57:00","cvss":7.2,"cvss_version":"3.1","epss":0.0,"assigner":"apache","references":["https://lists.apache.org/thread/ftw52mlxknjm29vo1mnqovj53z2kh96y"],"products":["Apache Answer"],"vendors":["Apache Software Foundation"]}},{"cve_id":"CVE-2026-9045","summary":"During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.","cvss":8.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.5,"epss":0.00011,"ranking_epss":0.01582,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.lenovo.com/us/en/downloads/ds568567","https://support.lenovo.com/us/en/product_security/LEN-213623"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:43","euvd":{"id":"EUVD-2026-36047","description":"During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.","published_time":"2026-06-10T14:09:19","cvss":8.5,"cvss_version":"4.0","epss":0.0,"assigner":"lenovo","references":["https://support.lenovo.com/us/en/product_security/LEN-213623","https://support.lenovo.com/us/en/downloads/ds568567"],"products":["Accessories and Display Manager for Enterprise"],"vendors":["Lenovo"]}},{"cve_id":"CVE-2026-53475","summary":"A flaw was found in assisted-migration-agent. 
The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.0001,"ranking_epss":0.01278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53475","https://bugzilla.redhat.com/show_bug.cgi?id=2487232","https://github.com/kubev2v/assisted-migration-agent/pull/268"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36032","description":"A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.","published_time":"2026-06-10T13:55:43","cvss":9.3,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53475","https://bugzilla.redhat.com/show_bug.cgi?id=2487232","https://github.com/kubev2v/assisted-migration-agent/pull/268"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-53476","summary":"A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. 
This could ultimately lead to the execution of unauthorized code on the appliance.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00053,"ranking_epss":0.16899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53476","https://bugzilla.redhat.com/show_bug.cgi?id=2487233","https://github.com/kubev2v/assisted-migration-agent/pull/256"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36033","description":"A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. This could ultimately lead to the execution of unauthorized code on the appliance.","published_time":"2026-06-10T13:55:44","cvss":9.6,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53476","https://bugzilla.redhat.com/show_bug.cgi?id=2487233","https://github.com/kubev2v/assisted-migration-agent/pull/256"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-53689","summary":"libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. 
This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36027","description":"libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c.","published_time":"2026-06-10T13:44:28","cvss":7.1,"cvss_version":"3.1","epss":0.0,"assigner":"mitre","references":["https://github.com/sahlberg/libnfs/commit/55c18ea33a83d667f79f0ef209c96895795c729f"],"products":["libnfs"],"vendors":["sahlberg"]}},{"cve_id":"CVE-2026-6090","summary":"A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.","cvss":7.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":7.3,"epss":0.00016,"ranking_epss":0.04076,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.lenovo.com/us/en/product_security/LEN-218281"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36049","description":"A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.","published_time":"2026-06-10T14:09:47","cvss":7.3,"cvss_version":"4.0","epss":0.0,"assigner":"lenovo","references":["https://support.lenovo.com/us/en/product_security/LEN-218281"],"products":["Smart Connect"],"vendors":["Lenovo"]}},{"cve_id":"CVE-2026-7516","summary":"A vulnerability was identified in the Lenovo 
Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":5.1,"epss":0.00029,"ranking_epss":0.08724,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://iknow.lenovo.com.cn/detail/440821","https://shop.lenovo.com.cn/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36046","description":"A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.","published_time":"2026-06-10T14:08:47","cvss":5.1,"cvss_version":"4.0","epss":0.0,"assigner":"lenovo","references":["https://iknow.lenovo.com.cn/detail/440821","https://shop.lenovo.com.cn/"],"products":["application"],"vendors":["Lenovo"]}},{"cve_id":"CVE-2026-8335","summary":"A missing authentication check on the Aix‑DB \"/llm/process_llm_out\" endpoint allows unauthenticated clients to execute arbitrary \"SELECT\" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints.\nAll releases up to 1.2.4 are considered vulnerable. 
Status of next releases is unknown as the vulnerability has not been addressed by any patch.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":7.1,"epss":0.00024,"ranking_epss":0.07081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://cert.pl/posts/2026/06/CVE-2026-8335","https://github.com/apconw/Aix-DB"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36050","description":"A missing authentication check on the Aix‑DB \"/llm/process_llm_out\" endpoint allows unauthenticated clients to execute arbitrary \"SELECT\" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints.\nAll releases up to 1.2.4 are considered vulnerable. Status of next releases is unknown as the vulnerability has not been addressed by any patch.","published_time":"2026-06-10T14:31:10","cvss":7.1,"cvss_version":"4.0","epss":0.0,"assigner":"CERT-PL","references":["https://github.com/apconw/Aix-DB","https://cert.pl/posts/2026/06/CVE-2026-8335"],"products":["Aix-DB"],"vendors":["Aix-DB"]}},{"cve_id":"CVE-2026-8637","summary":"A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.","cvss":8.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.5,"epss":0.00013,"ranking_epss":0.02152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.lenovo.com/us/en/product_security/LEN-217400"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:42","euvd":{"id":"EUVD-2026-36048","description":"A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated 
privileges.","published_time":"2026-06-10T14:09:32","cvss":8.5,"cvss_version":"4.0","epss":0.0,"assigner":"lenovo","references":["https://support.lenovo.com/us/en/product_security/LEN-217400"],"products":["LanSchool Classic"],"vendors":["Lenovo"]}},{"cve_id":"CVE-2026-53469","summary":"A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11304,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53469","https://bugzilla.redhat.com/show_bug.cgi?id=2487065","https://github.com/kubev2v/migration-planner/pull/1227"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:41","euvd":{"id":"EUVD-2026-36028","description":"A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments, leading to a critical loss of availability and integrity across the entire SaaS platform.","published_time":"2026-06-10T13:55:37","cvss":9.1,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53469","https://bugzilla.redhat.com/show_bug.cgi?id=2487065","https://github.com/kubev2v/migration-planner/pull/1227"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-53470","summary":"A flaw was found in migration-planner. 
An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.0802,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53470","https://bugzilla.redhat.com/show_bug.cgi?id=2487069","https://github.com/kubev2v/migration-planner/pull/1218"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:41","euvd":{"id":"EUVD-2026-36034","description":"A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance (OVA) images belonging to other users. Consequently, the attacker can download OVA images containing sensitive information, such as long-lived agent JSON Web Tokens (JWTs) and source configurations, potentially leading to unauthorized access and modification of the victim's source.","published_time":"2026-06-10T13:55:57","cvss":9.6,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53470","https://bugzilla.redhat.com/show_bug.cgi?id=2487069","https://github.com/kubev2v/migration-planner/pull/1218"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-53471","summary":"A flaw was found in migration-planner. 
The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an authenticated attacker with a valid agent token to manipulate data across different tenants, leading to a complete collapse of tenant isolation. This could result in unauthorized overwriting of victim inventory, planting of malicious credential URLs, or corruption of migration assessments.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14474,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53471","https://bugzilla.redhat.com/show_bug.cgi?id=2487070","https://github.com/kubev2v/migration-planner/pull/1213"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:41","euvd":{"id":"EUVD-2026-36031","description":"A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an authenticated attacker with a valid agent token to manipulate data across different tenants, leading to a complete collapse of tenant isolation. 
This could result in unauthorized overwriting of victim inventory, planting of malicious credential URLs, or corruption of migration assessments.","published_time":"2026-06-10T13:55:41","cvss":9.6,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53471","https://bugzilla.redhat.com/show_bug.cgi?id=2487070","https://github.com/kubev2v/migration-planner/pull/1213"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-53473","summary":"A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.09305,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53473","https://bugzilla.redhat.com/show_bug.cgi?id=2487107","https://github.com/kubev2v/migration-planner-ui-app/pull/750"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:41","euvd":{"id":"EUVD-2026-36029","description":"A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. 
This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.","published_time":"2026-06-10T13:55:37","cvss":7.3,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53473","https://bugzilla.redhat.com/show_bug.cgi?id=2487107","https://github.com/kubev2v/migration-planner-ui-app/pull/750"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-53474","summary":"A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.10236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-53474","https://bugzilla.redhat.com/show_bug.cgi?id=2487231","https://github.com/kubev2v/migration-planner/pull/1231"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:41","euvd":{"id":"EUVD-2026-36030","description":"A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. 
This SQL Injection allows for arbitrary file reading on the system, potentially exposing sensitive information such as Kubernetes service account tokens and other credentials, which could lead to a full compromise of the SaaS environment.","published_time":"2026-06-10T13:55:38","cvss":9.6,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-53474","https://bugzilla.redhat.com/show_bug.cgi?id=2487231","https://github.com/kubev2v/migration-planner/pull/1231"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-45561","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the URL path component verbatim into requests.get(f'http://{server_ip}:{agent_port}/...'). The path component is constrained only by Flask's default URL converter, which permits any value (including IPv4 literals like 169.254.169.254, RFC1918 ranges, and 127.0.0.1). At time of publication, there are no publicly available patches.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-2crj-7rqc-x7rq","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-2crj-7rqc-x7rq"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:37","euvd":{"id":"EUVD-2026-36042","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the URL path component verbatim into requests.get(f'http://{server_ip}:{agent_port}/...'). 
The path component is constrained only by Flask's default URL converter, which permits any value (including IPv4 literals like 169.254.169.254, RFC1918 ranges, and 127.0.0.1). At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:03:03","cvss":6.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-2crj-7rqc-x7rq"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45563","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group — can list any other user's full action audit trail (server IPs touched, configs deployed, services restarted). At time of publication, there are no publicly available patches.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:37","euvd":{"id":"EUVD-2026-36043","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group — can list any other user's full action audit trail (server IPs touched, configs deployed, services restarted). 
At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:03:43","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-wcmc-cjmw-54x9"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45564","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.system(f\"dos2unix -q {cfg}\"). configver is not run through EscapedString (Pydantic doesn't validate path segments declared as str) and the surrounding .. block is the broken tuple-membership patch from GHSA-vapt-004. An authenticated user with role <= 3 (\"user\") therefore reaches a bin/sh -c command-injection sink. At time of publication, there are no publicly available patches.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.15109,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w42x-3v8j-cmg2","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w42x-3v8j-cmg2"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:37","euvd":{"id":"EUVD-2026-36044","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter directly into a config-version path that ends up at os.system(f\"dos2unix -q {cfg}\"). configver is not run through EscapedString (Pydantic doesn't validate path segments declared as str) and the surrounding .. block is the broken tuple-membership patch from GHSA-vapt-004. 
An authenticated user with role <= 3 (\"user\") therefore reaches a bin/sh -c command-injection sink. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:04:05","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w42x-3v8j-cmg2"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45550","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group, not that the target check_id belongs to it. The downstream SQL update functions update_smon, update_smonHttp, update_smonTcp, update_smonPing, update_smonDns (app/modules/db/smon.py:515-562) all execute WHERE smon_id = ? with no user_group filter. The DELETE path is correctly filtered (app/modules/db/smon.py:319-327 does WHERE id = ? AND user_group = ?), demonstrating that the maintainers know the right pattern but did not apply it on UPDATE. Therefore any authenticated user can iterate over smon_id values and silently rewrite any other tenant's HTTP / TCP / Ping / DNS monitoring check. At time of publication, there are no publicly available patches.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10424,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-856h-mvm2-2h2x","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-856h-mvm2-2h2x"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:36","euvd":{"id":"EUVD-2026-36037","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. 
In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() — which validates that the caller has some group, not that the target check_id belongs to it. The downstream SQL update functions update_smon, update_smonHttp, update_smonTcp, update_smonPing, update_smonDns (app/modules/db/smon.py:515-562) all execute WHERE smon_id = ? with no user_group filter. The DELETE path is correctly filtered (app/modules/db/smon.py:319-327 does WHERE id = ? AND user_group = ?), demonstrating that the maintainers know the right pattern but did not apply it on UPDATE. Therefore any authenticated user can iterate over smon_id values and silently rewrite any other tenant's HTTP / TCP / Ping / DNS monitoring check. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:00:06","cvss":9.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-856h-mvm2-2h2x"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45552","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter, install_waf, install_geoip, check_geoip, get_exporter_version, and get_task_status are not wrapped in page_for_admin and do not call roxywi_common.is_user_has_access_to_its_group(server_ip) or check_is_server_in_group(server_ip). Only the GET index page (install_monitoring) gates on roxywi_auth.page_for_admin(level=2). Because the missing decorators omit both role and group checks, any logged-in user — including the default guest role 4 — can install/reconfigure exporters, WAF, and GeoIP databases on every server in the Roxy-WI database, regardless of tenant ownership. 
The Ansible playbooks run with the per-server SSH credential stored in Roxy-WI, which the credentials' rightful owner (a different tenant) has provisioned with sudo rights for the management workflow. At time of publication, there are no publicly available patches.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-v3f8-g2v8-jq5h"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:36","euvd":{"id":"EUVD-2026-36035","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter, install_waf, install_geoip, check_geoip, get_exporter_version, and get_task_status are not wrapped in page_for_admin and do not call roxywi_common.is_user_has_access_to_its_group(server_ip) or check_is_server_in_group(server_ip). Only the GET index page (install_monitoring) gates on roxywi_auth.page_for_admin(level=2). Because the missing decorators omit both role and group checks, any logged-in user — including the default guest role 4 — can install/reconfigure exporters, WAF, and GeoIP databases on every server in the Roxy-WI database, regardless of tenant ownership. The Ansible playbooks run with the per-server SSH credential stored in Roxy-WI, which the credentials' rightful owner (a different tenant) has provisioned with sudo rights for the management workflow. 
At time of publication, there are no publicly available patches.","published_time":"2026-06-10T13:59:24","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-v3f8-g2v8-jq5h"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45556","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation chain (_replace_config_path_to_correct → check_is_conf) only requires the path to contain a hard-coded service substring (nginx/haproxy/apache2/httpd/keepalived) and the substring conf or cfg, and to not contain ... The encoded-slash substitution 92 → / is applied before the substring check, so the attacker can build any absolute path anywhere on the LB filesystem as long as it satisfies those substring constraints. The body of the WAF rule (config form field) is written verbatim to that path. By choosing a filename like 92etc92cron.d92nginx_cfg_evil (resolving to /etc/cron.d/nginx_cfg_evil), an attacker drops a cron entry on the load balancer with attacker-controlled content. Cron parses the file on its next scan, executing the embedded job as root — full RCE on every load balancer the caller's group manages. 
At time of publication, there are no publicly available patches.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-85gm-773v-x7m4","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-85gm-773v-x7m4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:36","euvd":{"id":"EUVD-2026-36038","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation chain (_replace_config_path_to_correct → check_is_conf) only requires the path to contain a hard-coded service substring (nginx/haproxy/apache2/httpd/keepalived) and the substring conf or cfg, and to not contain ... The encoded-slash substitution 92 → / is applied before the substring check, so the attacker can build any absolute path anywhere on the LB filesystem as long as it satisfies those substring constraints. The body of the WAF rule (config form field) is written verbatim to that path. By choosing a filename like 92etc92cron.d92nginx_cfg_evil (resolving to /etc/cron.d/nginx_cfg_evil), an attacker drops a cron entry on the load balancer with attacker-controlled content. Cron parses the file on its next scan, executing the embedded job as root — full RCE on every load balancer the caller's group manages. 
At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:00:54","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-85gm-773v-x7m4"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45558","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option field that is not validated, not escaped, and is rendered verbatim into the generated HAProxy configuration via the section.j2, global.j2, and defaults.j2 Ansible templates. Because Roxy-WI then pushes the generated config to the load balancer and runs systemctl reload haproxy, an authenticated user with role ≤ 3 (user) can inject arbitrary HAProxy directives into the config that runs on every load balancer their group manages — including option external-check + external-check command /bin/bash -c '…', which gives remote code execution on the load balancer as the haproxy user on every health-check tick. At time of publication, there are no publicly available patches.","cvss":9.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.9,"cvss_v4":null,"epss":0.00198,"ranking_epss":0.41834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w2x4-66jj-3597","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w2x4-66jj-3597"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:36","euvd":{"id":"EUVD-2026-36039","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. 
In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option field that is not validated, not escaped, and is rendered verbatim into the generated HAProxy configuration via the section.j2, global.j2, and defaults.j2 Ansible templates. Because Roxy-WI then pushes the generated config to the load balancer and runs systemctl reload haproxy, an authenticated user with role ≤ 3 (user) can inject arbitrary HAProxy directives into the config that runs on every load balancer their group manages — including option external-check + external-check command /bin/bash -c '…', which gives remote code execution on the load balancer as the haproxy user on every health-check tick. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:01:42","cvss":9.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-w2x4-66jj-3597"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45559","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no LDAP escape — and inserted, a username like *)(mail=*)(cn=* injects additional clauses, allowing the admin to enumerate or harvest attributes outside the intended record. 
At time of publication, there are no publicly available patches.","cvss":4.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.9,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-2257-7mhp-grqp","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-2257-7mhp-grqp"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:36","euvd":{"id":"EUVD-2026-36040","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no LDAP escape — and inserted, a username like *)(mail=*)(cn=* injects additional clauses, allowing the admin to enumerate or harvest attributes outside the intended record. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:02:09","cvss":4.9,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-2257-7mhp-grqp"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45560","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/common/common.py:188-192) build raw HTML by string concatenation with no escaping. The frontend (app/static/js/script.js, log-viewer paths) uses .html(data) / .append(data) to inject the response body. Anyone able to write a line into a managed HAProxy/Nginx access log (i.e. anyone who can send an HTTP request to the public LB) can land an <svg/onload=…> payload that executes when a Roxy-WI admin opens the log viewer. 
At time of publication, there are no publicly available patches.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-28m4-mmr2-83p6","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-28m4-mmr2-83p6"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:36","euvd":{"id":"EUVD-2026-36041","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/common/common.py:188-192) build raw HTML by string concatenation with no escaping. The frontend (app/static/js/script.js, log-viewer paths) uses .html(data) / .append(data) to inject the response body. Anyone able to write a line into a managed HAProxy/Nginx access log (i.e. anyone who can send an HTTP request to the public LB) can land an <svg/onload=…> payload that executes when a Roxy-WI admin opens the log viewer. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T14:02:31","cvss":6.1,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-28m4-mmr2-83p6"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-45549","summary":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() only — no role check, no group ownership check on the server_ip form field. Any authenticated user, including role 4 (guest), can start, stop, or restart the roxy-wi-smon-agent systemd unit on any server they can name. 
Roxy-WI executes the systemd action over its own SSH credentials (passwordless sudo), so the action runs as root on the target. At time of publication, there are no publicly available patches.","cvss":8.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.5,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.11249,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c92j-h72m-ff4j","https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c92j-h72m-ff4j"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:35","euvd":{"id":"EUVD-2026-36036","description":"Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() only — no role check, no group ownership check on the server_ip form field. Any authenticated user, including role 4 (guest), can start, stop, or restart the roxy-wi-smon-agent systemd unit on any server they can name. Roxy-WI executes the systemd action over its own SSH credentials (passwordless sudo), so the action runs as root on the target. At time of publication, there are no publicly available patches.","published_time":"2026-06-10T13:59:41","cvss":8.5,"cvss_version":"3.1","epss":0.0,"assigner":"GitHub_M","references":["https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-c92j-h72m-ff4j"],"products":["roxy-wi"],"vendors":["roxy-wi"]}},{"cve_id":"CVE-2026-11884","summary":"A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). 
An attacker with Directory Manager privileges, or a compromised replication supplier, can trigger a server crash by creating objectclasses with long SUP values. This is an incomplete fix variant of CVE-2025-14905.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-11884","https://bugzilla.redhat.com/show_bug.cgi?id=2423624","https://bugzilla.redhat.com/show_bug.cgi?id=2484913","https://redhat.atlassian.net/browse/PSIRTSUPT-7600"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:32","euvd":{"id":"EUVD-2026-36045","description":"A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An attacker with Directory Manager privileges, or a compromised replication supplier, can trigger a server crash by creating objectclasses with long SUP values. 
This is an incomplete fix variant of CVE-2025-14905.","published_time":"2026-06-10T14:07:13","cvss":6.5,"cvss_version":"3.1","epss":0.0,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-11884","https://bugzilla.redhat.com/show_bug.cgi?id=2423624","https://bugzilla.redhat.com/show_bug.cgi?id=2484913","https://redhat.atlassian.net/browse/PSIRTSUPT-7600"],"products":[],"vendors":[]}},{"cve_id":"CVE-2025-10238","summary":"During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":8.4,"epss":0.00014,"ranking_epss":0.02565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.lenovo.com/us/en/product_security/LEN-218282"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:31","euvd":{"id":"EUVD-2025-210108","description":"During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).","published_time":"2026-06-10T14:11:21","cvss":8.4,"cvss_version":"4.0","epss":0.0,"assigner":"lenovo","references":["https://support.lenovo.com/us/en/product_security/LEN-218282"],"products":["X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS","P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS","X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS","P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS","X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS","P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS","ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS","X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS","ThinkPad R14 Gen 5 Type 21JM PRC BIOS","X1 Nano Gen 2 (Type 21E8 21E9) Laptop 
(ThinkPad) BIOS","X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS","P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS","L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS","P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS","P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS","P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS","L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS","X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS","X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS","T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS","P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS","L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS","L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS","T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS","X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS","X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS","X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS","L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS","Z16 Gen 1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS","Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS","E14 Gen 4 (type 21E3, 21E4) Laptops (ThinkPad) BIOS","P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS","L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS","X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS","L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS","X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS","T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS","P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS","P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS","X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS","L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS","X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS","L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS","X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS","E15 Gen 4 (type 21ED 21EE) Laptop (ThinkPad) BIOS","T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) 
BIOS","T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS","E16 Gen 3 (Type 22AY, 22B0) Laptop (ThinkPad) BIOS","L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS","X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS","T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS","P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS","T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS","T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS","L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS","L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS","T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS","L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS","X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS","P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS","X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS","X12 Detachable  Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS","X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS","P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS","X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS","X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS","L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS","T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS","X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS","X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS","X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS","S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS","ThinkPad S2 Yoga Gen 6  Type 21AG China Only BIOS","ThinkPad S2 Gen 7 Type 21BD BIOS","E14 Gen 7 (Type 21T9, 21TA) Laptops (ThinkPad) BIOS","P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS","T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS","X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS","P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS","L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS","T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS","X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS","P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) 
BIOS","X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS","P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS","E16 Gen 3 (Type 21SR, 21SS) Laptops (ThinkPad) BIOS","T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS","T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS","E14 Gen 6 (Type 21M3, 21M4) Laptops (ThinkPad) BIOS","T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS","T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS","L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS","P14s Gen 3 (Type 21J5, 21J6) Laptop (ThinkPad) BIOS","T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS","X9-15 Gen 1 (Type 21Q6, 21Q7) Laptop (ThinkPad) BIOS","T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS","X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS","L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS","E15 Gen 3 (Type 20YG, 20YH, 20YJ, 20YK) Laptop (ThinkPad) BIOS","X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS","E14 Gen 5 (Type 21JR, 21JS) Laptop (ThinkPad) BIOS","L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS","E16 Gen 3 (Type 21ST, 21SU) Laptops (ThinkPad) BIOS","X1 Nano Gen 3 (Type 21K1, 21K2) Laptop (ThinkPad) BIOS","T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS","E16 Gen 2 (Type 21MA, 21MB) Laptops (ThinkPad) BIOS","T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS","T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) BIOS"],"vendors":["Lenovo"]}},{"cve_id":"CVE-2025-10237","summary":"During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory 
regions.","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.7,"cvss_v4":8.4,"epss":7e-05,"ranking_epss":0.00576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.lenovo.com/us/en/product_security/LEN-218282"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T15:16:30","euvd":{"id":"EUVD-2025-210107","description":"During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.","published_time":"2026-06-10T14:10:56","cvss":8.4,"cvss_version":"4.0","epss":0.0,"assigner":"lenovo","references":["https://support.lenovo.com/us/en/product_security/LEN-218282"],"products":["P16v Gen 1 (Type 21FC, 21FD) Laptop (ThinkPad) BIOS","T14s (Type 20T0, 20T1) Laptop (ThinkPad) BIOS","X13 Yoga Gen 1 (Type 20SX, 20SY) Laptop (ThinkPad) BIOS","L13 Gen 6 (Type 21RB, 21RC) Laptops (ThinkPad) BIOS","X13 Gen 4 (Type 21J3, 21J4) Laptop (ThinkPad) BIOS","L13 Yoga Gen 3 (Type 21B5, 21B6) Laptop (ThinkPad) BIOS","X13 Yoga Gen 3 (Type 21AW 21AX) Laptop (ThinkPad) BIOS","T14s Gen 4 (Type 21F8, 21F9) Laptop (ThinkPad) BIOS","T15 (type 20S6, 20S7) Laptop (ThinkPad) BIOS","X1 Extreme 4th Gen (Type 20Y5, 20Y6) Laptop (ThinkPad) BIOS","L14 Gen 4 (Type 21H1, 21H2) Laptop (ThinkPad) BIOS","ThinkPad S2 Gen 7 Type 21BD BIOS","X1 Yoga 7th Gen (Type 21CD, 21CE) Laptop (ThinkPad) BIOS","P16v Gen 3 (Type 21RS, 21RT) Laptop (ThinkPad) BIOS","T15p Gen 2 (Type 21A7, 21A8) Laptop (ThinkPad) BIOS","P14s Gen 2 (type 21A0, 21A1) Laptop (ThinkPad) BIOS","P1 Gen 7 (Type 21KV, 21KW) Laptop (ThinkPad) BIOS","X9-14 Gen 1 (Type 21QA, 21QB) Laptop (ThinkPad) BIOS","X13 Gen 6 (Type 21RK, 21RL) Laptops (ThinkPad) BIOS","T14s Gen 3 (Type 21BR 21BS) Laptop (ThinkPad) BIOS","L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS","X13 Yoga Gen 4 (Type 21F2, 21F3) Laptop (ThinkPad) BIOS","Z16 Gen 
1 (Type 21D4, 21D5) Laptop (ThinkPad) BIOS","X13 Gen 2 (Type 20XH, 20XJ) Laptop (ThinkPad) BIOS","T14 Gen 5 (Type 21MC, 21MD) Laptops (ThinkPad) BIOS","X1 2-in-1 Gen 10 (Type 21NU, 21NV) Laptop (ThinkPad) BIOS","P14s Gen 4 (Type 21K5, 21K6) Laptop (ThinkPad) BIOS","L13 (type 20R3, 20R4) Laptops (ThinkPad) BIOS","S2 Yoga Gen 8 (Types 21FU) China Only Laptop (ThinkPad) BIOS","ThinkPad S2 Yoga Gen 6 Type 20VN China Only BIOS","X12 Detachable Gen 2 (Type 21LK, 21LL) Laptops (ThinkPad) BIOS","T15p Gen 3 (Type 21DA 21DB) Laptop (ThinkPad) BIOS","X390 Yoga (Type 20NN, 20NQ) Laptop (ThinkPad) BIOS","L16 Gen 1 (Type 21L7 21L8) Laptops (ThinkPad) BIOS","L14 Gen 3 (type 21C5, 21C6) Laptops (ThinkPad) BIOS","X1 2-in-1 Gen 9 (Type 21KE, 21KF) Laptop (ThinkPad) BIOS","P16s Gen 2 (Type 21HK, 21HL) Laptop (ThinkPad) BIOS","P1 Gen 5 (Type 21DC 21DD) Laptop (ThinkPad) BIOS","L13 Gen 4 (Type 21FG, 21FH) Laptop (ThinkPad) BIOS","X1 Extreme 3rd Gen (Type 20TK, 20TL) Laptop (ThinkPad) BIOS","Z16 Gen 2 (Type 21JX, 21JY) Laptop (ThinkPad) BIOS","X13 Yoga Gen 2 (Type 20W8, 20W9) Laptop (ThinkPad) BIOS","T14s Gen 4 (Type 21F6, 21F7) Laptop (ThinkPad) BIOS","P15v Gen 3 (Type 21EN 21EM) Laptop (ThinkPad) BIOS","T16 Gen 4 (Type 22AW, 22AX) Laptops (ThinkPad) BIOS","L14 Gen 2 (type 20X5, 20X6) Laptop (ThinkPad) BIOS","X1 Extreme 2nd Gen (Type 20QV, 20QW) Laptop (ThinkPad) BIOS","X1 Yoga 5th Gen (Type 20UB, 20UC) Laptop (ThinkPad) BIOS","X13 Gen 2 (Type 20WK, 20WL) Laptop (ThinkPad) BIOS","L14 Gen 2 Type 20X1 20X2 Laptops (ThinkPad) BIOS","T14s Gen 6 (Type 21M1, 21M2) Laptops (ThinkPad) BIOS","L13 Gen 5 (Type 21LB, 21LC) Laptops (ThinkPad) BIOS","T14s Gen 5 (Type 21LS, 21LT) Laptop (ThinkPad) BIOS","L14 Gen 5 (Type 21L1, 21L2) Laptops (ThinkPad) BIOS","ThinkPad S2 Yoga Gen 6  Type 21AG China Only BIOS","T15 Gen 2 (Type 20W4, 20W5) Laptop (ThinkPad) BIOS","X1 Nano Gen 1 (Type 20UN 20UQ) Laptop (ThinkPad) BIOS","T14s Gen 6 (Type 21TB, 21TC) Laptops (ThinkPad) BIOS","X1 Nano Gen 3 (Type 21K1, 21K2) 
Laptop (ThinkPad) BIOS","P16 Gen 1 (Type 21D6, 21D7) Laptop (ThinkPad) BIOS","X1 Titanium (Type 20QA, 20QB) Laptop (ThinkPad) BIOS","X13 Gen 6 (Type 21RM, 21RN) Laptops (ThinkPad) BIOS","L13 2-in-1 Gen 6 (Type 21R7, 21R8) Laptops (ThinkPad) BIOS","T14s Gen 6 (Type 21R1, 21R2) Laptops (ThinkPad) BIOS","T16 Gen 3 (Type 21MN, 21MQ) Laptops (ThinkPad) BIOS","P14s Gen 6 (Type 21QL, 21QM) Laptops (ThinkPad) BIOS","P1 Gen 6 (Type 21FV, 21FW) Laptop (ThinkPad) BIOS","X1 Nano Gen 2 (Type 21E8 21E9) Laptop (ThinkPad) BIOS","L14 Gen 6 (Type 21SE, 21SF) Laptops (ThinkPad) BIOS","X13 Gen 5 (Type 21LU, 21LV) Laptop (ThinkPad) BIOS","X1 Yoga 8th Gen (Type 21HQ, 21HR) Laptop (ThinkPad) BIOS","P16v Gen 1 (Type 21FE, 21FF) Laptop (ThinkPad) BIOS","T16 Gen 4 (Type 21QE, 21QF) Laptops (ThinkPad) BIOS","X1 Yoga 4th Gen (Type 20SA, 20SB) Laptop (ThinkPad) BIOS","X390 (Type 20SC, 20SD) Laptop (ThinkPad) BIOS","X1 Fold 16 Gen 1 (Type 21ES, 21ET) Laptop (ThinkPad) BIOS","T14s Gen 6 (Type 21QX, 21QY) Laptops (ThinkPad) BIOS","X1 Yoga 6th Gen (Type 20XY, 20Y0) Laptop (ThinkPad) BIOS","P14s Gen 6 (Type 21QT, 21QU) Laptops (ThinkPad) BIOS","L15 Gen 4 (Type 21H7, 21H8) Laptops (ThinkPad) BIOS","X1 Carbon 13th Gen (Type 21NX, 21NY) Laptops (ThinkPad) BIOS","P73 (type 20QR, 20QS) Laptop (Thinkpad) BIOS","P16v Gen 2 (Type 21KX, 21KY) Laptops (ThinkPad) BIOS","T14 Gen 3 (Type 21AH, 21AJ) Laptop (ThinkPad) BIOS","L14 Gen 3 (type 21C1, 21C2) Laptops (ThinkPad) BIOS","X12 Detachable  Gen 1 (Type 20UW, 20UV) Laptop (ThinkPad) BIOS","L14 Gen 6 (Type 21S6, 21S7) Laptops (ThinkPad) BIOS","L16 Gen 2 (Type 21SC, 21SD) Laptops (ThinkPad) BIOS","X1 Fold Gen 1 (Type 20RK, 20RL) Laptop (ThinkPad) BIOS","T490 (Type 20N2, 20N3) Laptop (ThinkPad) BIOS","P17 Gen 2 (type 20YU, 20YV) Laptops (ThinkPad) BIOS","T15g Gen 1 (type 20UR 20US) Laptop (ThinkPad) BIOS","P16 Gen 2 (Type 21FA, 21FB) Laptop (ThinkPad) BIOS","P14s Gen 5 (Type 21G2, 21G3) Laptops (ThinkPad) BIOS","T14s Gen 3 (Type 21CQ 21CR) Laptop (ThinkPad) 
BIOS"],"vendors":["Lenovo"]}},{"cve_id":"CVE-2026-53441","summary":"Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.","cvss":null,"cvss_version":null,"cvss_v2":null,"cvss_v3":null,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.0519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3731"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:37","euvd":{"id":"EUVD-2026-36025","description":"Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.","published_time":"2026-06-10T13:06:01","cvss":0.0,"cvss_version":null,"epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3731"],"products":["Jenkins","Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-53442","summary":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file 
system.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3744"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:37","euvd":{"id":"EUVD-2026-36026","description":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.","published_time":"2026-06-10T13:06:02","cvss":5.3,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3744"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-9758","summary":"Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gitlab.com/systerel/S2OPC/-/work_items/1770"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:37","euvd":{"id":"EUVD-2026-36003","description":"Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted","published_time":"2026-06-10T12:32:39","cvss":7.3,"cvss_version":"3.1","epss":0.0,"assigner":"GitLab","references":["https://gitlab.com/systerel/S2OPC/-/work_items/1770"],"products":["S2OPC"],"vendors":["Systerel"]}},{"cve_id":"CVE-2026-52757","summary":"Ghidra before 12.1 contains a heap-use-after-free vulnerability in the 
decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.","cvss":4.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":4.6,"epss":0.00013,"ranking_epss":0.02276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8jqp-qv73-395r","https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-highvariable-merge-during-decompilation","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8jqp-qv73-395r"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36016","description":"Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.","published_time":"2026-06-10T12:42:01","cvss":4.6,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8jqp-qv73-395r","https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-highvariable-merge-during-decompilation"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52758","summary":"Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. 
Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.0008,"ranking_epss":0.23688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8r4f-65cr-fwxm","https://www.vulncheck.com/advisories/ghidra-sql-injection-via-unescaped-filter-values-in-bsim-search","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8r4f-65cr-fwxm"],"vendor":"nsa","product":"ghidra","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36017","description":"Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.","published_time":"2026-06-10T12:42:30","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8r4f-65cr-fwxm","https://www.vulncheck.com/advisories/ghidra-sql-injection-via-unescaped-filter-values-in-bsim-search"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52759","summary":"Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. 
An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.","cvss":6.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":6.7,"epss":0.00013,"ranking_epss":0.02141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-v6c3-h9cp-3whf","https://www.vulncheck.com/advisories/ghidra-denial-of-service-via-uncontrolled-memory-allocation-in-mach-o-parser","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-v6c3-h9cp-3whf"],"vendor":"nsa","product":"ghidra","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36018","description":"Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.","published_time":"2026-06-10T12:43:09","cvss":6.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-v6c3-h9cp-3whf","https://www.vulncheck.com/advisories/ghidra-denial-of-service-via-uncontrolled-memory-allocation-in-mach-o-parser"],"products":["Ghidra"],"vendors":["Ghidra"]}},{"cve_id":"CVE-2026-53435","summary":"In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.xml` submission in a way that allows them to handle HTTP requests afterwards.\nThis can be used to impersonate any user and send HTTP requests on their behalf, up to and including use of 
the Script Console to run arbitrary code, or to read arbitrary files from the Jenkins controller.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00054,"ranking_epss":0.17151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3707"],"vendor":"jenkins","product":"jenkins","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36019","description":"In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.xml` submission in a way that allows them to handle HTTP requests afterwards.\nThis can be used to impersonate any user and send HTTP requests on their behalf, up to and including use of the Script Console to run arbitrary code, or to read arbitrary files from the Jenkins controller.","published_time":"2026-06-10T13:05:57","cvss":8.8,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3707"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-53436","summary":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3711+3755"],"vendor":"jenkins","product":"jenkins","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36020","description":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a 
redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.","published_time":"2026-06-10T13:05:57","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3711+3755"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-53437","summary":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3711+3755"],"vendor":"jenkins","product":"jenkins","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36021","description":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.","published_time":"2026-06-10T13:05:58","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3711+3755"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-53438","summary":"A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to 
view.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3712"],"vendor":"jenkins","product":"jenkins","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36022","description":"A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.","published_time":"2026-06-10T13:05:59","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3712"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-53439","summary":"Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' \"My Views\".","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3713"],"vendor":"jenkins","product":"jenkins","version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36023","description":"Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' \"My 
Views\".","published_time":"2026-06-10T13:06:00","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3713"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-53440","summary":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the \"from\" parameter in the \"Delegate to servlet container\" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3721"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:36","euvd":{"id":"EUVD-2026-36024","description":"Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the \"from\" parameter in the \"Delegate to servlet container\" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.","published_time":"2026-06-10T13:06:00","cvss":4.3,"cvss_version":"3.1","epss":0.0,"assigner":"jenkins","references":["https://www.jenkins.io/security/advisory/2026-06-10/#SECURITY-3721"],"products":["Jenkins","Jenkins"],"vendors":["Jenkins Project"]}},{"cve_id":"CVE-2026-52750","summary":"Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. 
Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.4,"epss":0.00023,"ranking_epss":0.06863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5c38-3rf3-gp75","https://www.vulncheck.com/advisories/ghidra-command-injection-via-url-annotation-click"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36008","description":"Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.","published_time":"2026-06-10T12:39:03","cvss":7.3,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5c38-3rf3-gp75","https://www.vulncheck.com/advisories/ghidra-command-injection-via-url-annotation-click"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52751","summary":"Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. 
Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.6,"epss":0.00117,"ranking_epss":0.30085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/commit/91a269103fe5d133c14ec3afa60280dccb94be5c","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-fgg5-g275-7742","https://www.vulncheck.com/advisories/ghidra-remote-code-execution-via-unfiltered-rmi-deserialization-in-shared-project-connection"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36009","description":"Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.","published_time":"2026-06-10T12:39:34","cvss":8.6,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-fgg5-g275-7742","https://github.com/NationalSecurityAgency/ghidra/commit/91a269103fe5d133c14ec3afa60280dccb94be5c","https://www.vulncheck.com/advisories/ghidra-remote-code-execution-via-unfiltered-rmi-deserialization-in-shared-project-connection"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52752","summary":"Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. 
Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.4,"epss":0.00014,"ranking_epss":0.02822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-jhc2-q7qf-9c25","https://www.vulncheck.com/advisories/ghidra-path-traversal-in-extension-installer-via-zip-entry-names","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-jhc2-q7qf-9c25"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36011","description":"Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.","published_time":"2026-06-10T12:39:59","cvss":8.4,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-jhc2-q7qf-9c25","https://www.vulncheck.com/advisories/ghidra-path-traversal-in-extension-installer-via-zip-entry-names"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52753","summary":"Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. 
Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.","cvss":6.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":6.7,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442","https://www.vulncheck.com/advisories/ghidra-out-of-memory-in-rust-symbol-demangler-via-malformed-symbol","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36012","description":"Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.","published_time":"2026-06-10T12:40:22","cvss":6.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-m94m-fqr3-x442","https://www.vulncheck.com/advisories/ghidra-out-of-memory-in-rust-symbol-demangler-via-malformed-symbol"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52754","summary":"Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. 
Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.00051,"ranking_epss":0.16223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/commit/78729379e471bbb3d969409be6a8c3d24af84220","https://github.com/NationalSecurityAgency/ghidra/commit/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5wxq-7qpv-65p2","https://www.vulncheck.com/advisories/ghidra-authentication-bypass-via-null-signature-in-pkiauthenticationmodule"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36013","description":"Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. 
Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.","published_time":"2026-06-10T12:40:46","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-5wxq-7qpv-65p2","https://github.com/NationalSecurityAgency/ghidra/commit/78729379e471bbb3d969409be6a8c3d24af84220","https://github.com/NationalSecurityAgency/ghidra/commit/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca","https://www.vulncheck.com/advisories/ghidra-authentication-bypass-via-null-signature-in-pkiauthenticationmodule"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52755","summary":"Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys.","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.4,"epss":0.00014,"ranking_epss":0.02822,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-3r55-xjr4-jh8f","https://www.vulncheck.com/advisories/ghidra-path-traversal-via-zip-slip-in-theme-import","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-3r55-xjr4-jh8f"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36014","description":"Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. 
Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys.","published_time":"2026-06-10T12:41:11","cvss":8.4,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-3r55-xjr4-jh8f","https://www.vulncheck.com/advisories/ghidra-path-traversal-via-zip-slip-in-theme-import"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-52756","summary":"Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.","cvss":6.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":6.3,"epss":0.00151,"ranking_epss":0.35525,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8pr2-46mf-v2r2","https://www.vulncheck.com/advisories/ghidra-unauthenticated-path-traversal-in-debugger-isf-server","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8pr2-46mf-v2r2"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:35","euvd":{"id":"EUVD-2026-36015","description":"Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. 
Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.","published_time":"2026-06-10T12:41:39","cvss":6.3,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-8pr2-46mf-v2r2","https://www.vulncheck.com/advisories/ghidra-unauthenticated-path-traversal-in-debugger-isf-server"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-49069","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS.\n\nThis issue affects WPZOOM Portfolio: from n/a through 1.4.21.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.10257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://patchstack.com/database/wordpress/plugin/wpzoom-portfolio/vulnerability/wordpress-wpzoom-portfolio-plugin-1-4-21-cross-site-scripting-xss-vulnerability?_s_id=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:34","euvd":{"id":"EUVD-2026-36010","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS.\n\nThis issue affects WPZOOM Portfolio: from n/a through 1.4.21.","published_time":"2026-06-10T12:39:37","cvss":7.1,"cvss_version":"3.1","epss":0.0,"assigner":"Patchstack","references":["https://patchstack.com/database/wordpress/plugin/wpzoom-portfolio/vulnerability/wordpress-wpzoom-portfolio-plugin-1-4-21-cross-site-scripting-xss-vulnerability?_s_id=cve"],"products":["WPZOOM Portfolio"],"vendors":["WPZOOM"]}},{"cve_id":"CVE-2026-49495","summary":"Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection 
when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryError that crashes the entire JVM and loses all unsaved work.","cvss":6.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":6.7,"epss":0.00013,"ranking_epss":0.02164,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-wm33-9f68-3vjg","https://www.vulncheck.com/advisories/ghidra-denial-of-service-via-circular-reference-in-mach-o-export-trie-parser","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-wm33-9f68-3vjg"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:34","euvd":{"id":"EUVD-2026-36004","description":"Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential string concatenation, triggering OutOfMemoryError that crashes the entire JVM and loses all unsaved work.","published_time":"2026-06-10T12:36:43","cvss":6.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-wm33-9f68-3vjg","https://www.vulncheck.com/advisories/ghidra-denial-of-service-via-circular-reference-in-mach-o-export-trie-parser"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-49496","summary":"Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. 
Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":6.9,"epss":0.00014,"ranking_epss":0.02597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/commit/8a3018d5efcb07d2ec40bacdd6063cb6f01c8edf","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-gqh9-2c72-wpjc","https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-sleighbuilder-generatepointeradd-via-vector-reallocation","https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-gqh9-2c72-wpjc"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:34","euvd":{"id":"EUVD-2026-36005","description":"Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers.","published_time":"2026-06-10T12:37:30","cvss":6.9,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-gqh9-2c72-wpjc","https://github.com/NationalSecurityAgency/ghidra/commit/8a3018d5efcb07d2ec40bacdd6063cb6f01c8edf","https://www.vulncheck.com/advisories/ghidra-heap-use-after-free-in-sleighbuilder-generatepointeradd-via-vector-reallocation"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-49497","summary":"Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. 
Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.","cvss":4.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":3.3,"cvss_v4":4.6,"epss":0.00011,"ranking_epss":0.01453,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-57g6-7qw2-p5hx","https://www.vulncheck.com/advisories/ghidra-path-traversal-via-gnu-debuglink-in-dwarf-external-debug-file-resolution"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:34","euvd":{"id":"EUVD-2026-36006","description":"Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.","published_time":"2026-06-10T12:37:59","cvss":4.6,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-57g6-7qw2-p5hx","https://www.vulncheck.com/advisories/ghidra-path-traversal-via-gnu-debuglink-in-dwarf-external-debug-file-resolution"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-49498","summary":"Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. 
Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.0003,"ranking_epss":0.09248,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-vv7r-2rhf-5h7g","https://www.vulncheck.com/advisories/ghidra-sql-injection-in-postgresql-password-change-via-unescaped-username"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:34","euvd":{"id":"EUVD-2026-36007","description":"Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.","published_time":"2026-06-10T12:38:34","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-vv7r-2rhf-5h7g","https://www.vulncheck.com/advisories/ghidra-sql-injection-in-postgresql-password-change-via-unescaped-username"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2025-71329","summary":"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. 
Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00098,"ranking_epss":0.26891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities","https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439","https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:30","euvd":{"id":"EUVD-2025-210106","description":"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.","published_time":"2026-06-10T13:04:30","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities","https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439","https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"],"products":["image-size","image-size"],"vendors":["image-size"]}},{"cve_id":"CVE-2025-71330","summary":"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. 
Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00098,"ranking_epss":0.26891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities","https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439","https://www.vulncheck.com/advisories/image-size-denial-of-service-via-malformed-icns-image-parsing"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:30","euvd":{"id":"EUVD-2025-210105","description":"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. 
Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.","published_time":"2026-06-10T13:02:04","cvss":8.7,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities","https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439","https://www.vulncheck.com/advisories/image-size-denial-of-service-via-malformed-icns-image-parsing"],"products":["image-size","image-size"],"vendors":["image-size"]}},{"cve_id":"CVE-2024-58350","summary":"Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.","cvss":2.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":2.9,"cvss_v4":2.1,"epss":0.00013,"ranking_epss":0.02243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-4g43-2f29-xvp4","https://www.vulncheck.com/advisories/ghidra-use-after-free-in-sleigh-backend-via-static-initialization-order"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T14:16:28","euvd":{"id":"EUVD-2024-55616","description":"Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. 
Attackers can trigger an infinite loop or denial of service during shutdown by exploiting the unsafe destruction order that causes iteration over deallocated memory.","published_time":"2026-06-10T12:36:08","cvss":2.1,"cvss_version":"4.0","epss":0.0,"assigner":"VulnCheck","references":["https://github.com/NationalSecurityAgency/ghidra/security/advisories/GHSA-4g43-2f29-xvp4","https://www.vulncheck.com/advisories/ghidra-use-after-free-in-sleigh-backend-via-static-initialization-order"],"products":["Ghidra"],"vendors":["NationalSecurityAgency"]}},{"cve_id":"CVE-2026-11859","summary":"An HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.\n\n\nThis issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.","cvss":2.0,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":2.0,"epss":0.00047,"ranking_epss":0.15025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/thinkst/canarytokens/security/advisories/GHSA-55jf-cqr9-r7p4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T12:16:25","euvd":{"id":"EUVD-2026-36001","description":"An HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.\n\n\nThis issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.","published_time":"2026-06-10T11:35:14","cvss":2.0,"cvss_version":"4.0","epss":0.0005,"assigner":"ThinkstAppliedResearch","references":["https://github.com/thinkst/canarytokens/security/advisories/GHSA-55jf-cqr9-r7p4"],"products":["canarytokens","canarytokens"],"vendors":["Thinkst Applied 
Research"]}},{"cve_id":"CVE-2026-24066","summary":"Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":9e-05,"ranking_epss":0.01002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://r.sec-consult.com/slate","https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-in-slate-digital-connect/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T12:16:25","euvd":{"id":"EUVD-2026-36002","description":"Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the client's signing certificate and does not verify that the certificate chains to a trusted code-signing authority. A local attacker can sign a malicious client with a self-signed certificate containing the expected organizational unit value and connect to the privileged XPC service. 
This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.","published_time":"2026-06-10T11:43:53","cvss":8.4,"cvss_version":"3.1","epss":0.0001,"assigner":"SEC-VLab","references":["https://r.sec-consult.com/slate"],"products":["Slate Digital Connect"],"vendors":["Slate Digital LLC"]}},{"cve_id":"CVE-2026-24067","summary":"Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and using it to retrieve code-signing information for the process. This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://r.sec-consult.com/slate","https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-in-slate-digital-connect/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T12:16:25","euvd":{"id":"EUVD-2026-36000","description":"Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by obtaining the client's process identifier and using it to retrieve code-signing information for the process. 
This PID-based client validation is subject to a time-of-check time-of-use race condition because process identifiers can be reused. A local attacker can exploit PID reuse so that validation is performed against a trusted process instead of the original connecting process. This allows unauthorized access to privileged helper functionality and may lead to local privilege escalation.","published_time":"2026-06-10T11:49:10","cvss":8.4,"cvss_version":"3.1","epss":0.0002,"assigner":"SEC-VLab","references":["https://r.sec-consult.com/slate"],"products":["Slate Digital Connect"],"vendors":["Slate Digital LLC"]}},{"cve_id":"CVE-2026-11852","summary":"Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a","https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836","https://salsa.debian.org/freexian-team/debusine/-/work_items/1499"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T10:16:31","euvd":{"id":"EUVD-2026-35998","description":"Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. 
The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.","published_time":"2026-06-10T09:10:21","cvss":6.5,"cvss_version":"3.1","epss":0.0001,"assigner":"debian","references":["https://salsa.debian.org/freexian-team/debusine/-/work_items/1499","https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836","https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a"],"products":["debusine"],"vendors":["Debian"]}},{"cve_id":"CVE-2026-11853","summary":"Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.15141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e","https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103","https://salsa.debian.org/freexian-team/debusine/-/work_items/1484"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T10:16:31","euvd":{"id":"EUVD-2026-35999","description":"Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. 
The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.","published_time":"2026-06-10T09:10:30","cvss":6.5,"cvss_version":"3.1","epss":0.0002,"assigner":"debian","references":["https://salsa.debian.org/freexian-team/debusine/-/work_items/1484","https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3103","https://salsa.debian.org/freexian-team/debusine/-/commit/c24cdc49fb258714767546bdec5b09f8065d414e"],"products":["debusine"],"vendors":["Debian"]}},{"cve_id":"CVE-2026-3018","summary":"The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://plugins.trac.wordpress.org/browser/newsletters-lite/tags/4.11/wp-mailinglist-plugin.php#L6040","https://plugins.trac.wordpress.org/changeset/3566485/newsletters-lite","https://www.wordfence.com/threat-intel/vulnerabilities/id/8e2672b5-64a2-4b30-b0be-2a9303d46ac1?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T10:16:31","euvd":{"id":"EUVD-2026-35997","description":"The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","published_time":"2026-06-10T08:28:20","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/8e2672b5-64a2-4b30-b0be-2a9303d46ac1?source=cve","https://plugins.trac.wordpress.org/browser/newsletters-lite/tags/4.11/wp-mailinglist-plugin.php#L6040","https://plugins.trac.wordpress.org/changeset/3566485/newsletters-lite"],"products":["Newsletters"],"vendors":["contrid"]}},{"cve_id":"CVE-2025-6254","summary":"The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. This makes it possible for unauthenticated attackers to register as an administrator user.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.09343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://themeforest.net/item/doctreat-doctors-directory-wordpress-theme/24867777","https://www.wordfence.com/threat-intel/vulnerabilities/id/5fa37909-932c-4879-bbf0-8b44cc995cc0?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T10:16:29","euvd":{"id":"EUVD-2025-210104","description":"The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to the doctreat_process_registration() function not properly restricting the roles that a user can register with. 
This makes it possible for unauthenticated attackers to register as an administrator user.","published_time":"2026-06-10T08:28:20","cvss":9.8,"cvss_version":"3.1","epss":0.0003,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/5fa37909-932c-4879-bbf0-8b44cc995cc0?source=cve","https://themeforest.net/item/doctreat-doctors-directory-wordpress-theme/24867777"],"products":["Doctreat Core"],"vendors":["AmentoTech"]}},{"cve_id":"CVE-2026-8613","summary":"The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This affects the Posts Timeline widget as well as the Posts Carousel widget across its default, Banner, and Modern skins, all of which omit the whitelist validation that is correctly applied in the Posts List 
widget.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00042,"ranking_epss":0.13321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/functions.php#L1375","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-carousel/class-posts-carousel.php#L1413","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-carousel/skins/class-posts-carousel-banner.php#L226","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-carousel/skins/class-posts-carousel-modern.php#L208","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-timeline/class-posts-timeline.php#L1351","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.9/inc/functions.php#L1374","https://plugins.trac.wordpress.org/changeset?old_path=/athemes-addons-for-elementor-lite/tags/1.1.8&new_path=/athemes-addons-for-elementor-lite/tags/1.1.9","https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7aed9e-1b56-4ce6-b338-1d9ab80594c3?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T08:16:25","euvd":{"id":"EUVD-2026-35996","description":"The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This affects the Posts Timeline widget as well as the Posts Carousel widget across its default, Banner, and Modern skins, all of which omit the whitelist validation that is correctly applied in the Posts List widget.","published_time":"2026-06-10T07:50:56","cvss":6.4,"cvss_version":"3.1","epss":0.0004,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7aed9e-1b56-4ce6-b338-1d9ab80594c3?source=cve","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-timeline/class-posts-timeline.php#L1351","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-carousel/class-posts-carousel.php#L1413","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-carousel/skins/class-posts-carousel-banner.php#L226","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/modules/widgets/posts-carousel/skins/class-posts-carousel-modern.php#L208","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.8/inc/functions.php#L1375","https://plugins.trac.wordpress.org/changeset?old_path=/athemes-addons-for-elementor-lite/tags/1.1.8&new_path=/athemes-addons-for-elementor-lite/tags/1.1.9","https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.9/inc/functions.php#L1374"],"products":["aThemes Addons for Elementor"],"vendors":["smub"]}},{"cve_id":"CVE-2026-8853","summary":"The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
Because the memo value is stored via update_post_meta() rather than wp_insert_post(), WordPress's built-in kses and unfiltered_html protections do not apply, allowing attackers to break out of the textarea element via injected closing tags regardless of role-based content filtering.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.10257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.0/classes/controllers/class.contact-data.php#L134","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.0/templates/contact-data/detail.php#L77","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.3/classes/controllers/class.contact-data.php#L134","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.3/templates/contact-data/detail.php#L77","https://plugins.trac.wordpress.org/changeset?old_path=mw-wp-form/tags/5.1.3&new_path=mw-wp-form/tags/5.1.4","https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6dfdec-c1c6-4300-ab0a-9fd1c550d09f?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T08:16:25","euvd":{"id":"EUVD-2026-35995","description":"The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
Because the memo value is stored via update_post_meta() rather than wp_insert_post(), WordPress's built-in kses and unfiltered_html protections do not apply, allowing attackers to break out of the textarea element via injected closing tags regardless of role-based content filtering.","published_time":"2026-06-10T07:50:55","cvss":4.4,"cvss_version":"3.1","epss":0.0003,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6dfdec-c1c6-4300-ab0a-9fd1c550d09f?source=cve","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.3/templates/contact-data/detail.php#L77","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.3/classes/controllers/class.contact-data.php#L134","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.0/templates/contact-data/detail.php#L77","https://plugins.trac.wordpress.org/browser/mw-wp-form/tags/5.1.0/classes/controllers/class.contact-data.php#L134","https://plugins.trac.wordpress.org/changeset?old_path=mw-wp-form/tags/5.1.3&new_path=mw-wp-form/tags/5.1.4"],"products":["MW WP Form"],"vendors":["websoudan"]}},{"cve_id":"CVE-2026-9019","summary":"The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
Because the data is stored via update_post_meta() rather than wp_insert_post() post content, WordPress's unfiltered_html restriction does not apply, meaning Authors cannot be blocked from this attack path by capability controls alone.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.11115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/ajax.php#L16","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/layouts.php#L261","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/models/grid.php#L39","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/shortcode.php#L42","https://plugins.trac.wordpress.org/changeset?old_path=easy-image-collage/tags/1.13.6&new_path=easy-image-collage/tags/2.0.0","https://www.wordfence.com/threat-intel/vulnerabilities/id/4feaad82-f94e-49f5-8e8b-67ba220b1c71?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T08:16:25","euvd":{"id":"EUVD-2026-35993","description":"The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
Because the data is stored via update_post_meta() rather than wp_insert_post() post content, WordPress's unfiltered_html restriction does not apply, meaning Authors cannot be blocked from this attack path by capability controls alone.","published_time":"2026-06-10T06:48:28","cvss":6.4,"cvss_version":"3.1","epss":0.0004,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/4feaad82-f94e-49f5-8e8b-67ba220b1c71?source=cve","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/shortcode.php#L42","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/layouts.php#L261","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/models/grid.php#L39","https://plugins.trac.wordpress.org/browser/easy-image-collage/tags/1.13.6/helpers/ajax.php#L16","https://plugins.trac.wordpress.org/changeset?old_path=easy-image-collage/tags/1.13.6&new_path=easy-image-collage/tags/2.0.0"],"products":["Easy Image Collage"],"vendors":["brechtvds"]}},{"cve_id":"CVE-2026-10721","summary":"Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the  in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting.","cvss":8.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.4,"epss":0.00023,"ranking_epss":0.06659,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://documentation.concretecms.org/9-x/developers/introduction/version-history/952-release-notes"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T08:16:22","euvd":{"id":"EUVD-2026-35994","description":"Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the  in Permission, Cache, and Search components. 
An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 for reporting.","published_time":"2026-06-10T06:59:03","cvss":8.4,"cvss_version":"4.0","epss":0.0002,"assigner":"ConcreteCMS","references":["https://documentation.concretecms.org/9-x/developers/introduction/version-history/952-release-notes"],"products":["Concrete CMS "],"vendors":["Concrete CMS"]}},{"cve_id":"CVE-2026-29115","summary":"A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00077,"ranking_epss":0.23075,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:25","euvd":{"id":"EUVD-2026-35989","description":"A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.","published_time":"2026-06-10T06:08:21","cvss":6.9,"cvss_version":"4.0","epss":0.0008,"assigner":"dahua","references":["https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"],"products":["IPC/SD"],"vendors":["Dahua"]}},{"cve_id":"CVE-2026-29116","summary":"A vulnerability has been found in some Dahua products could\nallow an unauthenticated remote attacker to send a specially crafted packet,\ntriggering an exception that causes 
the system to reboot unexpectedly,\nresulting in a denial of service.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00064,"ranking_epss":0.20059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:25","euvd":{"id":"EUVD-2026-35990","description":"A vulnerability has been found in some Dahua products could\nallow an unauthenticated remote attacker to send a specially crafted packet,\ntriggering an exception that causes the system to reboot unexpectedly,\nresulting in a denial of service.","published_time":"2026-06-10T06:16:34","cvss":8.7,"cvss_version":"4.0","epss":0.0006,"assigner":"dahua","references":["https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"],"products":["IPC/SD/NVR/XVR/EVS/VTO/VTH/ASI/TPC"],"vendors":["Dahua"]}},{"cve_id":"CVE-2026-3326","summary":"The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.20179,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wpscan.com/vulnerability/2c5bdb17-8b12-45b5-878b-627056dc8956/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:25","euvd":{"id":"EUVD-2026-35985","description":"The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL 
injection","published_time":"2026-06-10T06:00:02","cvss":8.6,"cvss_version":"3.1","epss":0.0006,"assigner":"WPScan","references":["https://wpscan.com/vulnerability/2c5bdb17-8b12-45b5-878b-627056dc8956/"],"products":["XStore"],"vendors":["Unknown"]}},{"cve_id":"CVE-2026-8071","summary":"The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25689,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wpscan.com/vulnerability/0d4635b5-2d79-4337-a1ad-6b8d02cfd64b/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:25","euvd":{"id":"EUVD-2026-35986","description":"The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (including administrators) views the post.","published_time":"2026-06-10T06:00:11","cvss":8.8,"cvss_version":"3.1","epss":0.0009,"assigner":"WPScan","references":["https://wpscan.com/vulnerability/0d4635b5-2d79-4337-a1ad-6b8d02cfd64b/"],"products":["Anti-Spam by CleanTalk. 
Spam protection"],"vendors":["Unknown"]}},{"cve_id":"CVE-2026-9060","summary":"The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network where the super admin visits the page).","cvss":3.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.07998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wpscan.com/vulnerability/1ed01413-09a2-4a2e-be5b-375f2a327d0d/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:25","euvd":{"id":"EUVD-2026-35987","description":"The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (e.g. 
in a multisite network where the super admin visits the page).","published_time":"2026-06-10T06:00:11","cvss":3.5,"cvss_version":"3.1","epss":0.0003,"assigner":"WPScan","references":["https://wpscan.com/vulnerability/1ed01413-09a2-4a2e-be5b-375f2a327d0d/"],"products":["Store Locator WordPress"],"vendors":["Unknown"]}},{"cve_id":"CVE-2026-9067","summary":"The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00056,"ranking_epss":0.17785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://wpscan.com/vulnerability/7fac98eb-f82c-4705-a956-aba650945826/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:25","euvd":{"id":"EUVD-2026-35988","description":"The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.","published_time":"2026-06-10T06:00:12","cvss":9.1,"cvss_version":"3.1","epss":0.0006,"assigner":"WPScan","references":["https://wpscan.com/vulnerability/7fac98eb-f82c-4705-a956-aba650945826/"],"products":["Schema & Structured Data for WP & AMP"],"vendors":["Unknown"]}},{"cve_id":"CVE-2026-10846","summary":"NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query 
destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.","cvss":8.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.2,"epss":0.00019,"ranking_epss":0.05409,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-10846.txt","http://www.openwall.com/lists/oss-security/2026/06/10/2"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:24","euvd":{"id":"EUVD-2026-35991","description":"NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.","published_time":"2026-06-10T06:37:59","cvss":8.2,"cvss_version":"4.0","epss":0.0002,"assigner":"NLnet Labs","references":["https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-10846.txt"],"products":["ldns"],"vendors":["NLnet Labs"]}},{"cve_id":"CVE-2026-11815","summary":"An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. 
This vulnerability could lead to broken security expectations or remote code execution.","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.3,"epss":0.00396,"ranking_epss":0.60878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:24","euvd":{"id":"EUVD-2026-35992","description":"An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.","published_time":"2026-06-10T06:39:26","cvss":5.3,"cvss_version":"4.0","epss":0.004,"assigner":"symantec","references":["https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631"],"products":["Layer 7 API Gateway"],"vendors":["Broadcom"]}},{"cve_id":"CVE-2026-29114","summary":"A vulnerability has been found in some Dahua products. An attacker\nmay obtain the device’s CA root certificate. If that CA is installed and\ntrusted on client systems, the attacker could issue fraudulent certificates\ntrusted by those clients and undermine the certificate trust chain.","cvss":2.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":2.3,"epss":0.00024,"ranking_epss":0.07138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T07:16:24","euvd":{"id":"EUVD-2026-35984","description":"A vulnerability has been found in some Dahua products. An attacker\nmay obtain the device’s CA root certificate. 
If that CA is installed and\ntrusted on client systems, the attacker could issue fraudulent certificates\ntrusted by those clients and undermine the certificate trust chain.","published_time":"2026-06-10T05:44:50","cvss":2.3,"cvss_version":"4.0","epss":0.0002,"assigner":"dahua","references":["https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"],"products":["IPC"],"vendors":["Dahua"]}},{"cve_id":"CVE-2026-26241","summary":"A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.3,"epss":0.00135,"ranking_epss":0.33124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-27"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T05:16:39","euvd":{"id":"EUVD-2026-35981","description":"A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","published_time":"2026-06-10T05:02:29","cvss":5.3,"cvss_version":"4.0","epss":0.0014,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-27"],"products":["File Station 5"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-11837","summary":"A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. 
An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.05961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2026-11837","https://bugzilla.redhat.com/show_bug.cgi?id=2487424"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T05:16:38","euvd":{"id":"EUVD-2026-35982","description":"A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.","published_time":"2026-06-10T05:03:05","cvss":7.3,"cvss_version":"3.1","epss":0.0002,"assigner":"redhat","references":["https://access.redhat.com/security/cve/CVE-2026-11837","https://bugzilla.redhat.com/show_bug.cgi?id=2487424"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-26240","summary":"A buffer overflow vulnerability has been reported to affect File Station 5. 
The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.3,"epss":0.00135,"ranking_epss":0.33124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-32"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T05:16:38","euvd":{"id":"EUVD-2026-35983","description":"A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","published_time":"2026-06-10T05:03:37","cvss":5.3,"cvss_version":"4.0","epss":0.0014,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-32"],"products":["File Station 5"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-8444","summary":"The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/trunk/assets/js/wcf-addons.min.js","https://www.wordfence.com/threat-intel/vulnerabilities/id/9d1cb486-f461-4a06-ae9a-39669109b2c0?source=cve"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T05:16:35","euvd":{"id":"EUVD-2025-210103","description":"The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","published_time":"2026-06-10T04:31:00","cvss":6.4,"cvss_version":"3.1","epss":0.0003,"assigner":"Wordfence","references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/9d1cb486-f461-4a06-ae9a-39669109b2c0?source=cve","https://plugins.trac.wordpress.org/browser/animation-addons-for-elementor/trunk/assets/js/wcf-addons.min.js"],"products":["Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates"],"vendors":["wealcoder"]}},{"cve_id":"CVE-2026-26239","summary":"A buffer overflow vulnerability has been reported to affect File Station 5. 
If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00134,"ranking_epss":0.32523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-37"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:21","euvd":{"id":"EUVD-2026-35979","description":"A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later","published_time":"2026-06-10T03:15:18","cvss":8.7,"cvss_version":"4.0","epss":0.0013,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-37"],"products":["File Station 5"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-26237","summary":"A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.9.0 and later","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00143,"ranking_epss":0.34382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:19","euvd":{"id":"EUVD-2026-35978","description":"A missing authorization vulnerability has been reported to affect QuMagie. 
The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.9.0 and later","published_time":"2026-06-10T03:15:03","cvss":8.7,"cvss_version":"4.0","epss":0.0014,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":["QuMagie"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-24719","summary":"A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.6,"epss":0.00521,"ranking_epss":0.67308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-23"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:17","euvd":{"id":"EUVD-2026-35977","description":"A command injection vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later","published_time":"2026-06-10T03:14:52","cvss":8.6,"cvss_version":"4.0","epss":0.0052,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-23"],"products":["QTS","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-24720","summary":"An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.3,"epss":0.00146,"ranking_epss":0.34796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-26"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:17","euvd":{"id":"EUVD-2026-35974","description":"An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. 
If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","published_time":"2026-06-10T03:08:09","cvss":5.3,"cvss_version":"4.0","epss":0.0015,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-26"],"products":["File Station 5"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-24724","summary":"An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.6,"epss":0.00059,"ranking_epss":0.18854,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-29"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:17","euvd":{"id":"EUVD-2026-35980","description":"An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5243 and later","published_time":"2026-06-10T03:15:27","cvss":8.6,"cvss_version":"4.0","epss":0.0006,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-29"],"products":["File Station 5"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-22899","summary":"A NULL pointer dereference vulnerability has been reported to affect File Station 6. 
If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.3,"epss":0.00152,"ranking_epss":0.35658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-19"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:16","euvd":{"id":"EUVD-2026-35973","description":"A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.5208 and later","published_time":"2026-06-10T03:07:48","cvss":5.3,"cvss_version":"4.0","epss":0.0015,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-19"],"products":["File Station 5"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-24716","summary":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.0014,"ranking_epss":0.33957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-18"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:16","euvd":{"id":"EUVD-2026-35975","description":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","published_time":"2026-06-10T03:08:55","cvss":5.1,"cvss_version":"4.0","epss":0.0014,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-18"],"products":["QuTS hero","QuTS hero","QTS","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-24717","summary":"A path traversal vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.00165,"ranking_epss":0.37275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-34"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:16","euvd":{"id":"EUVD-2026-35976","description":"A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3492 build 20260507 and later\nQuTS hero h5.2.9.3499 build 20260514 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","published_time":"2026-06-10T03:14:46","cvss":5.1,"cvss_version":"4.0","epss":0.0017,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-34"],"products":["QuTS hero","QuTS hero","QTS","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-66281","summary":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. 
The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00153,"ranking_epss":0.35833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:14","euvd":{"id":"EUVD-2025-210102","description":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","published_time":"2026-06-10T03:06:06","cvss":6.9,"cvss_version":"4.0","epss":0.0015,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":["QuTS hero","QTS","QuTS hero","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-22893","summary":"A command injection vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.6,"epss":0.00521,"ranking_epss":0.67308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:14","euvd":{"id":"EUVD-2026-35972","description":"A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","published_time":"2026-06-10T03:06:34","cvss":8.6,"cvss_version":"4.0","epss":0.0052,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":["QuTS hero","QTS","QuTS hero","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-66273","summary":"A command injection vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.6,"epss":0.00521,"ranking_epss":0.67308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:12","euvd":{"id":"EUVD-2025-210099","description":"A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","published_time":"2026-06-10T03:04:39","cvss":8.6,"cvss_version":"4.0","epss":0.0052,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":["QuTS hero","QuTS hero","QuTS hero","QTS"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-66279","summary":"A command injection vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.6,"epss":0.00521,"ranking_epss":0.67308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:12","euvd":{"id":"EUVD-2025-210100","description":"A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","published_time":"2026-06-10T03:05:38","cvss":8.6,"cvss_version":"4.0","epss":0.0052,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":["QuTS hero","QTS","QuTS hero","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-66280","summary":"An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.00135,"ranking_epss":0.33146,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:12","euvd":{"id":"EUVD-2025-210101","description":"An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.9.3410 build 20260214 and later\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3397 build 20260206 and later","published_time":"2026-06-10T03:05:59","cvss":5.1,"cvss_version":"4.0","epss":0.0014,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":["QuTS hero","QTS","QuTS hero","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-62851","summary":"A path traversal vulnerability has been reported to affect License Center. 
If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 1.9.56 and later","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00042,"ranking_epss":0.13275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-28"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:11","euvd":{"id":"EUVD-2025-210098","description":"A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 1.9.56 and later","published_time":"2026-06-10T03:02:44","cvss":6.9,"cvss_version":"4.0","epss":0.0004,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-28"],"products":["License Center"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-62850","summary":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. 
If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.0014,"ranking_epss":0.33957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-38"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T04:17:07","euvd":{"id":"EUVD-2025-210097","description":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.2.9.3410 build 20260214 and later\nQuTS hero h5.3.4.3500 build 20260520 and later\nQuTS hero h6.0.0.3459 build 20260409 and later","published_time":"2026-06-10T02:34:24","cvss":5.1,"cvss_version":"4.0","epss":0.0014,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-38"],"products":["QuTS hero","QuTS hero","QuTS hero"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-58468","summary":"A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. 
The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.\n\nWe have already fixed the vulnerability in the following version:\nNotification Center 1.10.0.3291 and later","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.00049,"ranking_epss":0.15516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-13"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T03:16:24","euvd":{"id":"EUVD-2025-210096","description":"A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.\n\nWe have already fixed the vulnerability in the following version:\nNotification Center 1.10.0.3291 and later","published_time":"2026-06-10T01:38:27","cvss":5.1,"cvss_version":"4.0","epss":0.0005,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-13"],"products":["Notification Center"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2025-59382","summary":"QTS, QuTS hero, QuTScloud are not affected.\n\nWe have already fixed the vulnerability in the following version:","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.1,"epss":0.00042,"ranking_epss":0.1325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T03:16:24","euvd":{"id":"EUVD-2025-210095","description":"QTS, QuTS hero, QuTScloud are not affected.\n\nWe have already fixed the vulnerability in the following 
version:","published_time":"2026-06-10T01:38:20","cvss":5.1,"cvss_version":"4.0","epss":0.0004,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-26-10"],"products":[],"vendors":[]}},{"cve_id":"CVE-2025-66276","summary":"QuTS hero is not affected.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.7.3256 build 20250913 and later","cvss":9.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":9.2,"epss":0.00042,"ranking_epss":0.1325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.qnap.com/en/security-advisory/qsa-25-56"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T03:16:24","euvd":{"id":"EUVD-2025-210094","description":"QuTS hero is not affected.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.7.3256 build 20250913 and later","published_time":"2026-06-10T01:37:43","cvss":9.2,"cvss_version":"4.0","epss":0.0004,"assigner":"qnap","references":["https://www.qnap.com/en/security-advisory/qsa-25-56"],"products":["QTS"],"vendors":["QNAP Systems Inc."]}},{"cve_id":"CVE-2026-45542","summary":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusts the length of a client-supplied protobuf field for the SRP6a username and copies it into a buffer whose size is derived from a narrower destination type. The resulting truncation-versus-copy asymmetry corrupts the heap when an oversized value is supplied. 
This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/espressif/esp-idf/commit/0ea58d79845ad674d0358d5de246015a68c4cb4f","https://github.com/espressif/esp-idf/commit/56c3e385611e63162d0f2f8504ac4ae2ccfccef0","https://github.com/espressif/esp-idf/commit/71eb2dbe6aaef830719ecac8edf409e2992b64b2","https://github.com/espressif/esp-idf/commit/9b4cacf9cbc69379972de6a2247fcf5af9240961","https://github.com/espressif/esp-idf/commit/a2f4554f10ba075c98cbc67464db096ba32497cf","https://github.com/espressif/esp-idf/commit/f5d24a7e919bc5f447091479656b86da6762a103","https://github.com/espressif/esp-idf/security/advisories/GHSA-9r76-858f-v6jh"],"vendor":"espressif","product":"esp-idf","version":null,"published_time":"2026-06-10T02:16:33","euvd":{"id":"EUVD-2026-35918","description":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusts the length of a client-supplied protobuf field for the SRP6a username and copies it into a buffer whose size is derived from a narrower destination type. The resulting truncation-versus-copy asymmetry corrupts the heap when an oversized value is supplied. 
This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.","published_time":"2026-06-10T00:34:53","cvss":7.1,"cvss_version":"3.1","epss":0.0003,"assigner":"GitHub_M","references":["https://github.com/espressif/esp-idf/security/advisories/GHSA-9r76-858f-v6jh","https://github.com/espressif/esp-idf/commit/0ea58d79845ad674d0358d5de246015a68c4cb4f","https://github.com/espressif/esp-idf/commit/56c3e385611e63162d0f2f8504ac4ae2ccfccef0","https://github.com/espressif/esp-idf/commit/71eb2dbe6aaef830719ecac8edf409e2992b64b2","https://github.com/espressif/esp-idf/commit/9b4cacf9cbc69379972de6a2247fcf5af9240961","https://github.com/espressif/esp-idf/commit/a2f4554f10ba075c98cbc67464db096ba32497cf","https://github.com/espressif/esp-idf/commit/f5d24a7e919bc5f447091479656b86da6762a103"],"products":["esp-idf","esp-idf","esp-idf","esp-idf","esp-idf"],"vendors":["espressif"]}},{"cve_id":"CVE-2026-46532","summary":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). 
This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/espressif/esp-idf/commit/56053c4d1f37955ccf296cf2f6dfd0f7ebd4fae6","https://github.com/espressif/esp-idf/commit/60f9362f83a05942069532f357c234cd5e5d4302","https://github.com/espressif/esp-idf/commit/7c004d3fe3022f5f0db98dd1b2d0648a3a9cfb3f","https://github.com/espressif/esp-idf/commit/8746e5f7e762ead84d2902edec34d84cdd701b2b","https://github.com/espressif/esp-idf/commit/b0959b5ab1dc60398a916c80f14b1816780c801e","https://github.com/espressif/esp-idf/commit/c53d05ae526607ca5eae9ffedaf57775eec33a4f","https://github.com/espressif/esp-idf/security/advisories/GHSA-3pp8-42fh-3j3c"],"vendor":"espressif","product":"esp-idf","version":null,"published_time":"2026-06-10T02:16:33","euvd":{"id":"EUVD-2026-35919","description":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c). 
This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.4, and 6.0.1.","published_time":"2026-06-10T00:35:30","cvss":4.6,"cvss_version":"3.1","epss":0.0003,"assigner":"GitHub_M","references":["https://github.com/espressif/esp-idf/security/advisories/GHSA-3pp8-42fh-3j3c","https://github.com/espressif/esp-idf/commit/56053c4d1f37955ccf296cf2f6dfd0f7ebd4fae6","https://github.com/espressif/esp-idf/commit/60f9362f83a05942069532f357c234cd5e5d4302","https://github.com/espressif/esp-idf/commit/7c004d3fe3022f5f0db98dd1b2d0648a3a9cfb3f","https://github.com/espressif/esp-idf/commit/8746e5f7e762ead84d2902edec34d84cdd701b2b","https://github.com/espressif/esp-idf/commit/b0959b5ab1dc60398a916c80f14b1816780c801e","https://github.com/espressif/esp-idf/commit/c53d05ae526607ca5eae9ffedaf57775eec33a4f"],"products":["esp-idf","esp-idf","esp-idf","esp-idf","esp-idf"],"vendors":["espressif"]}},{"cve_id":"CVE-2026-45160","summary":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. 
This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/espressif/esp-idf/commit/2bf4dd12002dbae60a4b21abff010ecb2b8ee82b","https://github.com/espressif/esp-idf/commit/2da2db43fd7e0bcff9e7b95f54f388296bb6f911","https://github.com/espressif/esp-idf/commit/8b4b5d5301815198d177974ffc24848f47748248","https://github.com/espressif/esp-idf/commit/9f713dbc94982d917f2d12964b233cd9efa4aeba","https://github.com/espressif/esp-idf/commit/d51b1076092487e533eadf8b48c9c8579d3a6712","https://github.com/espressif/esp-idf/commit/fba5f995436a3e3139f768b6d8f1a74d5ce1d318","https://github.com/espressif/esp-idf/security/advisories/GHSA-g764-gwc3-75m5"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T02:16:32","euvd":{"id":"EUVD-2026-35915","description":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. 
This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2.","published_time":"2026-06-10T00:26:34","cvss":6.5,"cvss_version":"3.1","epss":0.0002,"assigner":"GitHub_M","references":["https://github.com/espressif/esp-idf/security/advisories/GHSA-g764-gwc3-75m5","https://github.com/espressif/esp-idf/commit/2bf4dd12002dbae60a4b21abff010ecb2b8ee82b","https://github.com/espressif/esp-idf/commit/2da2db43fd7e0bcff9e7b95f54f388296bb6f911","https://github.com/espressif/esp-idf/commit/8b4b5d5301815198d177974ffc24848f47748248","https://github.com/espressif/esp-idf/commit/9f713dbc94982d917f2d12964b233cd9efa4aeba","https://github.com/espressif/esp-idf/commit/d51b1076092487e533eadf8b48c9c8579d3a6712","https://github.com/espressif/esp-idf/commit/fba5f995436a3e3139f768b6d8f1a74d5ce1d318"],"products":["esp-idf","esp-idf","esp-idf","esp-idf","esp-idf"],"vendors":["espressif"]}},{"cve_id":"CVE-2026-45328","summary":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. 
This issue has been patched in versions 5.5.5 and 6.0.1.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f","https://github.com/espressif/esp-idf/commit/440a5d1906502023f2a0fb0aecbdf0602d14acbf","https://github.com/espressif/esp-idf/commit/764626a1b7c85b943d207da08a2f8f7d7f3def4d","https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b","https://github.com/espressif/esp-idf/commit/afd14ab113acd0ca369965404c99ac42e74d4fcd","https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6","https://github.com/espressif/esp-idf/security/advisories/GHSA-mmgp-73p4-92xp"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T02:16:32","euvd":{"id":"EUVD-2026-35916","description":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. 
This issue has been patched in versions 5.5.5 and 6.0.1.","published_time":"2026-06-10T00:33:43","cvss":9.3,"cvss_version":"3.1","epss":0.0002,"assigner":"GitHub_M","references":["https://github.com/espressif/esp-idf/security/advisories/GHSA-mmgp-73p4-92xp","https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f","https://github.com/espressif/esp-idf/commit/440a5d1906502023f2a0fb0aecbdf0602d14acbf","https://github.com/espressif/esp-idf/commit/764626a1b7c85b943d207da08a2f8f7d7f3def4d","https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b","https://github.com/espressif/esp-idf/commit/afd14ab113acd0ca369965404c99ac42e74d4fcd","https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6"],"products":["esp-idf","esp-idf"],"vendors":["espressif"]}},{"cve_id":"CVE-2026-45329","summary":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. 
This issue has been patched in versions 5.5.5 and 6.0.1.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.05086,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f","https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b","https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6","https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T02:16:32","euvd":{"id":"EUVD-2026-35917","description":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. 
This issue has been patched in versions 5.5.5 and 6.0.1.","published_time":"2026-06-10T00:34:09","cvss":7.1,"cvss_version":"3.1","epss":0.0002,"assigner":"GitHub_M","references":["https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm","https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f","https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b","https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6"],"products":["esp-idf","esp-idf"],"vendors":["espressif"]}},{"cve_id":"CVE-2026-45541","summary":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request header during the WebSocket handshake, the tokenisation result is dereferenced without a NULL check, so a malformed header value can crash the server before any application-level authentication runs. 
This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00121,"ranking_epss":0.30681,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/espressif/esp-idf/commit/00a2f7fbbbd8fe6d04729022e1d5c9a49435bfe8","https://github.com/espressif/esp-idf/commit/0dc4ee7537f3b12350f5966cecacd59bba840ec6","https://github.com/espressif/esp-idf/commit/37508ab91124ef426a7396d30f79eba1162700c7","https://github.com/espressif/esp-idf/commit/9fc0ca13b3b85b98d32b98cd9dc8ff9d82642b7b","https://github.com/espressif/esp-idf/commit/dc46dc51359749e50617eb70d6f9ae298adc4fff","https://github.com/espressif/esp-idf/commit/f88a47e4f37fb11ae4b0908cd5c80059d83198c6","https://github.com/espressif/esp-idf/security/advisories/GHSA-3j8v-xgrq-5vg8"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T02:16:32","euvd":{"id":"EUVD-2026-35914","description":"ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request header during the WebSocket handshake, the tokenisation result is dereferenced without a NULL check, so a malformed header value can crash the server before any application-level authentication runs. 
This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.","published_time":"2026-06-10T00:25:59","cvss":7.5,"cvss_version":"3.1","epss":0.0012,"assigner":"GitHub_M","references":["https://github.com/espressif/esp-idf/security/advisories/GHSA-3j8v-xgrq-5vg8","https://github.com/espressif/esp-idf/commit/00a2f7fbbbd8fe6d04729022e1d5c9a49435bfe8","https://github.com/espressif/esp-idf/commit/0dc4ee7537f3b12350f5966cecacd59bba840ec6","https://github.com/espressif/esp-idf/commit/37508ab91124ef426a7396d30f79eba1162700c7","https://github.com/espressif/esp-idf/commit/9fc0ca13b3b85b98d32b98cd9dc8ff9d82642b7b","https://github.com/espressif/esp-idf/commit/dc46dc51359749e50617eb70d6f9ae298adc4fff","https://github.com/espressif/esp-idf/commit/f88a47e4f37fb11ae4b0908cd5c80059d83198c6"],"products":["esp-idf","esp-idf","esp-idf","esp-idf","esp-idf"],"vendors":["espressif"]}},{"cve_id":"CVE-2026-46546","summary":"Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.","cvss":2.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":2.1,"epss":0.00047,"ranking_epss":0.14874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/frappe/lms/security/advisories/GHSA-2x47-gr9q-w6fv"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T01:16:28","euvd":{"id":"EUVD-2026-35912","description":"Frappe Learning Management System (LMS) is a learning system that helps users structure their content. 
Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.","published_time":"2026-06-09T23:54:06","cvss":2.1,"cvss_version":"4.0","epss":0.0005,"assigner":"GitHub_M","references":["https://github.com/frappe/lms/security/advisories/GHSA-2x47-gr9q-w6fv"],"products":["LMS"],"vendors":["frappe"]}},{"cve_id":"CVE-2026-44634","summary":"SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00042,"ranking_epss":0.13319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/simpleble/simpleble/commit/1501d59d76a4280268372afb1b157bf6caeacba6","https://github.com/simpleble/simpleble/pull/466","https://github.com/simpleble/simpleble/releases/tag/v0.14.0","https://github.com/simpleble/simpleble/security/advisories/GHSA-8h89-q8m2-c8fp"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T01:16:27","euvd":{"id":"EUVD-2026-35913","description":"SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. 
There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0.","published_time":"2026-06-09T23:59:31","cvss":8.7,"cvss_version":"4.0","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/simpleble/simpleble/security/advisories/GHSA-8h89-q8m2-c8fp","https://github.com/simpleble/simpleble/pull/466","https://github.com/simpleble/simpleble/commit/1501d59d76a4280268372afb1b157bf6caeacba6","https://github.com/simpleble/simpleble/releases/tag/v0.14.0"],"products":["simpleble"],"vendors":["simpleble"]}},{"cve_id":"CVE-2026-53673","summary":"BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. 
Attackers can pass another user's identifier to the get_item_permissions_check method, which validates the supplied user_id instead of the logged-in user and is reused by the update and delete handlers, to read, reply to, or delete any user's private messages.","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":8.6,"epss":0.00022,"ranking_epss":0.06381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://buddypress.org/","https://wordpress.org/plugins/buddypress/","https://www.vulncheck.com/advisories/buddypress-private-message-idor-via-rest-api-user-id-parameter"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:55","euvd":{"id":"EUVD-2026-35877","description":"BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers can pass another user's identifier to the get_item_permissions_check method, which validates the supplied user_id instead of the logged-in user and is reused by the update and delete handlers, to read, reply to, or delete any user's private messages.","published_time":"2026-06-09T23:44:20","cvss":8.6,"cvss_version":"4.0","epss":0.0002,"assigner":"VulnCheck","references":["https://buddypress.org/","https://wordpress.org/plugins/buddypress/","https://www.vulncheck.com/advisories/buddypress-private-message-idor-via-rest-api-user-id-parameter"],"products":["BuddyPress"],"vendors":["buddypress"]}},{"cve_id":"CVE-2026-53674","summary":"BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. 
Attackers can submit @mentions whose metacharacters pass through esc_sql unescaped and are inserted into an unprepared REGEXP query against the users table, enabling boolean-based inference of usernames and denial of service through catastrophic backtracking.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":7.1,"epss":0.00042,"ranking_epss":0.1303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://buddypress.org/","https://wordpress.org/plugins/buddypress/","https://www.vulncheck.com/advisories/buddypress-regexp-injection-via-mention-username-resolution"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:55","euvd":{"id":"EUVD-2026-35878","description":"BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit @mentions whose metacharacters pass through esc_sql unescaped and are inserted into an unprepared REGEXP query against the users table, enabling boolean-based inference of usernames and denial of service through catastrophic backtracking.","published_time":"2026-06-09T23:44:21","cvss":7.1,"cvss_version":"4.0","epss":0.0004,"assigner":"VulnCheck","references":["https://buddypress.org/","https://wordpress.org/plugins/buddypress/","https://www.vulncheck.com/advisories/buddypress-regexp-injection-via-mention-username-resolution"],"products":["BuddyPress"],"vendors":["buddypress"]}},{"cve_id":"CVE-2026-53675","summary":"BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. 
Attackers can query the friends endpoint with an arbitrary user_id because the get_items_permissions_check method only verifies that the requester is logged in and never checks ownership of the requested list, resulting in disclosure of users' private social connections.","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":5.3,"epss":0.0002,"ranking_epss":0.059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://buddypress.org/","https://wordpress.org/plugins/buddypress/","https://www.vulncheck.com/advisories/buddypress-friends-list-idor-via-rest-api"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:55","euvd":{"id":"EUVD-2026-35879","description":"BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary user_id because the get_items_permissions_check method only verifies that the requester is logged in and never checks ownership of the requested list, resulting in disclosure of users' private social connections.","published_time":"2026-06-09T23:44:22","cvss":5.3,"cvss_version":"4.0","epss":0.0002,"assigner":"VulnCheck","references":["https://buddypress.org/","https://wordpress.org/plugins/buddypress/","https://www.vulncheck.com/advisories/buddypress-friends-list-idor-via-rest-api"],"products":["BuddyPress"],"vendors":["buddypress"]}},{"cve_id":"CVE-2026-46539","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. 
This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as \"proven\" without any hash or signature verification. This issue has been patched in version 1.4.0.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3705","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-799f-29jm-gr6c"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35880","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the function to return true without performing any cryptographic verification when get_interlink_hops yields an empty hop list. This occurs when the target block is at the election block position immediately preceding the election head's epoch. An attacker providing transaction inclusion proofs can forge a MacroBlock header for that epoch position and have it accepted as \"proven\" without any hash or signature verification. 
This issue has been patched in version 1.4.0.","published_time":"2026-06-09T23:44:34","cvss":5.9,"cvss_version":"3.1","epss":0.0001,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-799f-29jm-gr6c","https://github.com/nimiq/core-rs-albatross/pull/3705","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-46540","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails to update self.macro_head, self.election_head, self.current_validators, or store the election header in the chain_store. This is in direct contrast with the full Blockchain::rebranch() at blockchain/src/blockchain/push.rs:504-518, which correctly updates all macro/election state when the new head is a macro block. After a rebranch to a macro block, the stale macro_head causes subsequent macro blocks pushed via push() to be verified against the wrong predecessor via verify_macro_successor(&this.macro_head). If the rebranch target was an election block, the stale current_validators causes every subsequent block to fail verify_validators(), completely stalling the light client's chain progression. 
This issue has been patched in version 1.4.0.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3706","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-m3pg-qc2q-mg8c"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35881","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails to update self.macro_head, self.election_head, self.current_validators, or store the election header in the chain_store. This is in direct contrast with the full Blockchain::rebranch() at blockchain/src/blockchain/push.rs:504-518, which correctly updates all macro/election state when the new head is a macro block. After a rebranch to a macro block, the stale macro_head causes subsequent macro blocks pushed via push() to be verified against the wrong predecessor via verify_macro_successor(&this.macro_head). If the rebranch target was an election block, the stale current_validators causes every subsequent block to fail verify_validators(), completely stalling the light client's chain progression. 
This issue has been patched in version 1.4.0.","published_time":"2026-06-09T23:45:01","cvss":6.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-m3pg-qc2q-mg8c","https://github.com/nimiq/core-rs-albatross/pull/3706","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-46541","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, in handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails (from a malicious DHT node), DhtResults is never created, and all subsequent valid records are discarded with \"DHT inconsistent state\" errors. This issue has been patched in version 1.4.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3707","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-ccqv-2c9q-mqw5"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35882","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, in handle_dht_get(), the DhtResults accumulator is only initialized when the first DHT record passes verification. If the first record fails (from a malicious DHT node), DhtResults is never created, and all subsequent valid records are discarded with \"DHT inconsistent state\" errors. 
This issue has been patched in version 1.4.0.","published_time":"2026-06-09T23:45:38","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-ccqv-2c9q-mqw5","https://github.com/nimiq/core-rs-albatross/pull/3707","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-46542","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the hosting process. This issue has been patched in version 1.4.0.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.09571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3713","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-h9cc-w26m-j342"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35884","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. 
Ed25519PublicKey::delinearize() in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point on the Ed25519 curve. Ed25519PublicKey construction only validates byte length, not curve membership, so invalid keys can reach the delinearization path and crash the hosting process. This issue has been patched in version 1.4.0.","published_time":"2026-06-09T23:46:21","cvss":4.3,"cvss_version":"3.1","epss":0.0003,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-h9cc-w26m-j342","https://github.com/nimiq/core-rs-albatross/pull/3713","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-46543","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with \"No macro blocks before genesis block\". 
This issue has been patched in version 1.5.0.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3745","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-vghx-352f-93jm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35890","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get_epoch_chunks which iterates backwards through macro blocks using Policy::macro_block_before. When it reaches the genesis block number, macro_block_before panics with \"No macro blocks before genesis block\". This issue has been patched in version 1.5.0.","published_time":"2026-06-09T23:47:32","cvss":5.3,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-vghx-352f-93jm","https://github.com/nimiq/core-rs-albatross/pull/3745","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-46545","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). 
This issue has been patched in version 1.5.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3762","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35894","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0.","published_time":"2026-06-09T23:47:51","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff","https://github.com/nimiq/core-rs-albatross/pull/3762","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-47838","summary":"SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. 
In a carefully crafted certificate, this can lead to an attacker impersonating another user.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-47838"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:54","euvd":{"id":"EUVD-2026-35911","description":"SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.","published_time":"2026-06-09T23:50:07","cvss":6.8,"cvss_version":"3.1","epss":0.0002,"assigner":"vmware","references":["https://spring.io/security/cve-2026-47838"],"products":["Spring Security","Spring Security","Spring Security","Spring Security","Spring Security"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-44716","summary":"Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is started with the --folder flag, it exposes a GET /files/{filename:path} download endpoint. The filename path parameter is concatenated directly onto args.folder with no containment check. 
Starlette normalises literal ../ sequences in URLs, but %2F-encoded slashes bypass this normalisation: the path parameter is URL-decoded after routing, so ..%2F..%2Fetc%2Fpasswd resolves to a path two levels above args.folder. An attacker with network access to the runner can read any file the pipecat process has permission to access — including SSH private keys, credentials, and system files — with a single unauthenticated HTTP request. This issue has been patched in version 1.2.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/pipecat-ai/pipecat/commit/7519c26ac5508573c35fa3a9c4717b013993d129","https://github.com/pipecat-ai/pipecat/pull/4417","https://github.com/pipecat-ai/pipecat/releases/tag/v1.2.0","https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-3363-2ph6-35wh"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35875","description":"Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is started with the --folder flag, it exposes a GET /files/{filename:path} download endpoint. The filename path parameter is concatenated directly onto args.folder with no containment check. Starlette normalises literal ../ sequences in URLs, but %2F-encoded slashes bypass this normalisation: the path parameter is URL-decoded after routing, so ..%2F..%2Fetc%2Fpasswd resolves to a path two levels above args.folder. An attacker with network access to the runner can read any file the pipecat process has permission to access — including SSH private keys, credentials, and system files — with a single unauthenticated HTTP request. 
This issue has been patched in version 1.2.0.","published_time":"2026-06-09T23:07:25","cvss":7.5,"cvss_version":"3.1","epss":0.0006,"assigner":"GitHub_M","references":["https://github.com/pipecat-ai/pipecat/security/advisories/GHSA-3363-2ph6-35wh","https://github.com/pipecat-ai/pipecat/pull/4417","https://github.com/pipecat-ai/pipecat/commit/7519c26ac5508573c35fa3a9c4717b013993d129","https://github.com/pipecat-ai/pipecat/releases/tag/v1.2.0"],"products":["pipecat"],"vendors":["pipecat-ai"]}},{"cve_id":"CVE-2026-45782","summary":"Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.","cvss":8.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.9,"epss":0.00014,"ranking_epss":0.02688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/cloud-hypervisor/cloud-hypervisor/commit/1314ac883c641f1045bbb06dec0de045a3894baa","https://github.com/cloud-hypervisor/cloud-hypervisor/pull/8220","https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.2","https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v52.0","https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-f47p-p25q-83rh"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35870","description":"Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. 
From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same head_index while asynchronous block I/O is enabled (e.g. io_uring, aio). When the kernel completes the duplicate operation before the original, the completion path frees a bounce buffer that the kernel is still actively reading from or writing to, corrupting the freed memory. This issue has been patched in versions 51.2 and 52.0.","published_time":"2026-06-09T22:53:52","cvss":8.9,"cvss_version":"4.0","epss":0.0001,"assigner":"GitHub_M","references":["https://github.com/cloud-hypervisor/cloud-hypervisor/security/advisories/GHSA-f47p-p25q-83rh","https://github.com/cloud-hypervisor/cloud-hypervisor/pull/8220","https://github.com/cloud-hypervisor/cloud-hypervisor/commit/1314ac883c641f1045bbb06dec0de045a3894baa","https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v51.2","https://github.com/cloud-hypervisor/cloud-hypervisor/releases/tag/v52.0"],"products":["cloud-hypervisor"],"vendors":["cloud-hypervisor"]}},{"cve_id":"CVE-2026-46411","summary":"FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and trigger an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. 
This issue has been patched in version 1.26.2.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11538,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/halfgaar/FlashMQ/commit/29e08f7b97b6e3f96db923c2b6a260c47b49c195","https://github.com/halfgaar/FlashMQ/releases/tag/v1.26.2","https://github.com/halfgaar/FlashMQ/security/advisories/GHSA-g35r-265r-rxrh"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35872","description":"FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and trigger an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2.","published_time":"2026-06-09T23:01:33","cvss":6.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/halfgaar/FlashMQ/security/advisories/GHSA-g35r-265r-rxrh","https://github.com/halfgaar/FlashMQ/commit/29e08f7b97b6e3f96db923c2b6a260c47b49c195","https://github.com/halfgaar/FlashMQ/releases/tag/v1.26.2"],"products":["FlashMQ"],"vendors":["halfgaar"]}},{"cve_id":"CVE-2026-46432","summary":"LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded \"trust_remote_code=True\" in multiple HuggingFace model-loading call sites. 
At time of publication, there are no publicly available patches.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00021,"ranking_epss":0.06135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/InternLM/lmdeploy/security/advisories/GHSA-m549-qq94-fvhg","https://github.com/InternLM/lmdeploy/security/advisories/GHSA-m549-qq94-fvhg"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35873","description":"LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded \"trust_remote_code=True\" in multiple HuggingFace model-loading call sites. At time of publication, there are no publicly available patches.","published_time":"2026-06-09T23:05:38","cvss":7.8,"cvss_version":"3.1","epss":0.0002,"assigner":"GitHub_M","references":["https://github.com/InternLM/lmdeploy/security/advisories/GHSA-m549-qq94-fvhg"],"products":["LMDeploy"],"vendors":["InternLM"]}},{"cve_id":"CVE-2026-46491","summary":"SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as ../target.serialized to make the CAS server read and unserialize files outside the ticket directory. 
In the CAS 1.0 validation flow, the same attacker-selected path is also passed to deleteTicket() immediately after getTicket() returns, which can delete the target file when it is readable by the PHP process, deletable under the PHP process filesystem permissions, and unserializes to a value compatible with the ?array return type. This issue has been patched in version 7.0.3.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00119,"ranking_epss":0.30385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/b84f3e4ed57c4d97e0dc73df102e7eff831a681f","https://github.com/simplesamlphp/simplesamlphp-module-casserver/releases/tag/v7.0.3","https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-jrrg-99xh-5j2q"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35871","description":"SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into this store. In deployments using FileSystemTicketStore, a remote attacker can use path traversal sequences such as ../target.serialized to make the CAS server read and unserialize files outside the ticket directory. In the CAS 1.0 validation flow, the same attacker-selected path is also passed to deleteTicket() immediately after getTicket() returns, which can delete the target file when it is readable by the PHP process, deletable under the PHP process filesystem permissions, and unserializes to a value compatible with the ?array return type. 
This issue has been patched in version 7.0.3.","published_time":"2026-06-09T23:00:11","cvss":8.6,"cvss_version":"3.1","epss":0.0012,"assigner":"GitHub_M","references":["https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-jrrg-99xh-5j2q","https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/b84f3e4ed57c4d97e0dc73df102e7eff831a681f","https://github.com/simplesamlphp/simplesamlphp-module-casserver/releases/tag/v7.0.3"],"products":["simplesamlphp-module-casserver"],"vendors":["SimpleSAMLphp"]}},{"cve_id":"CVE-2026-46517","summary":"LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded \"trust_remote_code=True\" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00014,"ranking_epss":0.02615,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/InternLM/lmdeploy/security/advisories/GHSA-9xq9-36w5-q796"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35874","description":"LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded \"trust_remote_code=True\" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.","published_time":"2026-06-09T23:05:43","cvss":7.8,"cvss_version":"3.1","epss":0.0001,"assigner":"GitHub_M","references":["https://github.com/InternLM/lmdeploy/security/advisories/GHSA-9xq9-36w5-q796"],"products":["LMDeploy"],"vendors":["InternLM"]}},{"cve_id":"CVE-2026-46518","summary":"OpenEMR is a free and open source electronic health records and medical practice management application. 
Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a clinician's browser session. Patient demographic fields (name, address) are rendered without output encoding in multiprintcss_header(), and portal patients can write attacker-controlled HTML directly into patient_data by calling the PUT api/patient/:num endpoint, which bypasses the intended audit review workflow. Because the XSS fires in the clinician's authenticated session on the main OpenEMR interface, the attacker can access CSRF tokens, session data, and perform actions as the clinician — crossing the patient-to-clinician trust boundary. This issue has been patched in version 8.0.0.1.","cvss":7.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.0905,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/openemr/openemr/security/advisories/GHSA-4gh4-q39r-45wf","https://github.com/openemr/openemr/security/advisories/GHSA-4gh4-q39r-45wf"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:53","euvd":{"id":"EUVD-2026-35869","description":"OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a clinician's browser session. Patient demographic fields (name, address) are rendered without output encoding in multiprintcss_header(), and portal patients can write attacker-controlled HTML directly into patient_data by calling the PUT api/patient/:num endpoint, which bypasses the intended audit review workflow. 
Because the XSS fires in the clinician's authenticated session on the main OpenEMR interface, the attacker can access CSRF tokens, session data, and perform actions as the clinician — crossing the patient-to-clinician trust boundary. This issue has been patched in version 8.0.0.1.","published_time":"2026-06-09T22:50:49","cvss":7.7,"cvss_version":"3.1","epss":0.0003,"assigner":"GitHub_M","references":["https://github.com/openemr/openemr/security/advisories/GHSA-4gh4-q39r-45wf"],"products":["OpenEMR"],"vendors":["OpenEMR"]}},{"cve_id":"CVE-2026-41726","summary":"When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41726"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35903","description":"When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.","published_time":"2026-06-09T23:48:51","cvss":6.5,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41726"],"products":["Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka","Spring 
For Apache Kafka","Spring For Apache Kafka"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41727","summary":"Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41727"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35904","description":"Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. 
A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.","published_time":"2026-06-09T23:49:10","cvss":6.5,"cvss_version":"3.1","epss":0.0006,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41727"],"products":["Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41728","summary":"Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41728"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35905","description":"Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","published_time":"2026-06-09T23:49:13","cvss":7.5,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41728"],"products":["Spring Data REST","Spring Data REST","Spring Data 
REST","Spring Data REST","Spring Data REST"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41729","summary":"Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41729"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35906","description":"Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. 
When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","published_time":"2026-06-09T23:49:17","cvss":8.1,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41729"],"products":["Spring Data REST","Spring Data REST","Spring Data REST","Spring Data REST","Spring Data REST"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41730","summary":"Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41730"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35907","description":"Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","published_time":"2026-06-09T23:49:21","cvss":5.3,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41730"],"products":["Spring Data REST","Spring Data REST","Spring Data REST","Spring Data REST","Spring Data REST"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41731","summary":"JsonKafkaHeaderMapper 
and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caused the consumer to deserialize arbitrary JDK types.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41731"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35908","description":"JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caused the consumer to deserialize arbitrary JDK types.\n\nAffected versions:\nSpring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.","published_time":"2026-06-09T23:49:26","cvss":8.1,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41731"],"products":["Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka","Spring For Apache Kafka"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41732","summary":"JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. 
Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list.\n\nAffected versions:\nSpring for Apache Pulsar 2.0.0 through 2.0.5; 1.2.0 through 1.2.17; 1.1.0 through 1.1.17.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41732"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35909","description":"JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default allow-list.\n\nAffected versions:\nSpring for Apache Pulsar 2.0.0 through 2.0.5; 1.2.0 through 1.2.17; 1.1.0 through 1.1.17.","published_time":"2026-06-09T23:49:31","cvss":8.1,"cvss_version":"3.1","epss":0.0005,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41732"],"products":["Spring for Apache Pulsar","Spring for Apache Pulsar","Spring for Apache Pulsar"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41837","summary":"Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 
5.0.5.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00028,"ranking_epss":0.08563,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41837"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35910","description":"Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.","published_time":"2026-06-09T23:49:49","cvss":5.3,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41837"],"products":["Spring Data REST","Spring Data REST","Spring Data REST","Spring Data REST","Spring Data REST"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-44505","summary":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the \"DHT inconsistent state\" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. 
This issue has been patched in version 1.4.0.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00037,"ranking_epss":0.11358,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nimiq/core-rs-albatross/pull/3716","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0","https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-g39c-jcgg-qwvr"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:52","euvd":{"id":"EUVD-2026-35876","description":"Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the \"DHT inconsistent state\" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. 
This issue has been patched in version 1.4.0.","published_time":"2026-06-09T23:44:20","cvss":5.3,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-g39c-jcgg-qwvr","https://github.com/nimiq/core-rs-albatross/pull/3716","https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"],"products":["core-rs-albatross"],"vendors":["nimiq"]}},{"cve_id":"CVE-2026-41701","summary":"Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter.\n\nAffected versions:\nSpring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.","cvss":4.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.4,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07537,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41701"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35895","description":"Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter.\n\nAffected versions:\nSpring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.","published_time":"2026-06-09T23:47:54","cvss":4.4,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41701"],"products":["Spring AMQP","Spring AMQP","Spring AMQP","Spring AMQP"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41706","summary":"Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. 
In affected versions, the full absolute URL is stored in the cookie and is used without validation as the post-login redirect target.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.1035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41706"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35896","description":"Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is used without validation as the post-login redirect target.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","published_time":"2026-06-09T23:47:58","cvss":6.1,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41706"],"products":["Spring Security","Spring Security","Spring Security","Spring Security","Spring Security","Spring Security"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41711","summary":"Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 
2.7.19.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16412,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41711"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35897","description":"Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.","published_time":"2026-06-09T23:48:12","cvss":5.9,"cvss_version":"3.1","epss":0.0005,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41711"],"products":["Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41714","summary":"Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri(\"amqps://...\") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification.\n\nAffected versions:\nSpring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.","cvss":4.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.0,"cvss_v4":null,"epss":0.00016,"ranking_epss":0.03912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41714"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35898","description":"Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri(\"amqps://...\") without also calling 
setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification.\n\nAffected versions:\nSpring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.","published_time":"2026-06-09T23:48:16","cvss":4.0,"cvss_version":"3.1","epss":0.0002,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41714"],"products":["Spring AMQP","Spring AMQP","Spring AMQP","Spring AMQP"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41716","summary":"Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41716"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35899","description":"Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.","published_time":"2026-06-09T23:48:20","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41716"],"products":["Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41717","summary":"Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. 
The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00048,"ranking_epss":0.1524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41717"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35900","description":"Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.","published_time":"2026-06-09T23:48:38","cvss":8.1,"cvss_version":"3.1","epss":0.0005,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41717"],"products":["Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41719","summary":"A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator.\n\nAffected versions:\nSpring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 
3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.","cvss":6.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.4,"cvss_v4":null,"epss":0.00046,"ranking_epss":0.14647,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41719"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35901","description":"A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator.\n\nAffected versions:\nSpring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.","published_time":"2026-06-09T23:48:42","cvss":6.4,"cvss_version":"3.1","epss":0.0005,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41719"],"products":["Spring Data Redis","Spring Data KeyValue","Spring Data Redis","Spring Data KeyValue","Spring Data Redis","Spring Data KeyValue","Spring Data KeyValue","Spring Data Redis","Spring Data KeyValue","Spring Data Redis","Spring Data Redis","Spring Data Redis","Spring Data Redis","Spring Data KeyValue","Spring Data KeyValue","Spring Data KeyValue"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41721","summary":"Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 
2.7.19.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00228,"ranking_epss":0.45688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41721"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:51","euvd":{"id":"EUVD-2026-35902","description":"Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.","published_time":"2026-06-09T23:48:47","cvss":5.9,"cvss_version":"3.1","epss":0.0023,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41721"],"products":["Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons","Spring Data Commons"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-40991","summary":"When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed.\n\nAffected versions:\nSpring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 
2.0.8.RELEASE.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40991"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35885","description":"When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed.\n\nAffected versions:\nSpring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE.","published_time":"2026-06-09T23:46:33","cvss":5.9,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-40991"],"products":["Spring REST Docs","Spring REST Docs","Spring REST Docs"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-40993","summary":"An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.01961,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40993"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35886","description":"An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store 
malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.","published_time":"2026-06-09T23:46:39","cvss":7.3,"cvss_version":"3.1","epss":0.0001,"assigner":"vmware","references":["https://spring.io/security/cve-2026-40993"],"products":["Spring Security"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41003","summary":"An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","cvss":7.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.6,"cvss_v4":null,"epss":0.00032,"ranking_epss":0.09907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41003"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35887","description":"An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","published_time":"2026-06-09T23:46:53","cvss":7.6,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41003"],"products":["Spring Security","Spring Security","Spring Security","Spring Security","Spring Security","Spring Security"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41008","summary":"Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. 
An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41008"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35888","description":"Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.\n\nAffected versions:\nSpring Security 7.0.0 through 7.0.5.\nSpring Authorization Server 1.5.0 through 1.5.7.","published_time":"2026-06-09T23:47:07","cvss":6.1,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41008"],"products":["Spring Security","Spring Authorization Server"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41694","summary":"Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 
7.0.5.","cvss":3.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.7,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.05444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41694"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35889","description":"Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","published_time":"2026-06-09T23:47:17","cvss":3.7,"cvss_version":"3.1","epss":0.0002,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41694"],"products":["Spring Security","Spring Security","Spring Security","Spring Security","Spring Security","Spring Security"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41695","summary":"Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41695"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35891","description":"Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property 
path resolution.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.","published_time":"2026-06-09T23:47:33","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41695"],"products":["Spring Data Commons","Spring Data Commons","Spring Data Commons"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41696","summary":"Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41696"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35892","description":"Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. 
An attacker can supply a crafted string to break out of the intended regular expression quoting.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.","published_time":"2026-06-09T23:47:37","cvss":5.9,"cvss_version":"3.1","epss":0.0003,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41696"],"products":["Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB","Spring Data MongoDB"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-41697","summary":"Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference.\n\nAffected versions:\nSpring Data Relational/JDBC/R2DBC 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.4.0 through 2.4.19.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.1295,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-41697"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:50","euvd":{"id":"EUVD-2026-35893","description":"Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). 
An attacker can supply wildcard characters to perform boolean-based blind data inference.\n\nAffected versions:\nSpring Data Relational/JDBC/R2DBC 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.4.0 through 2.4.19.","published_time":"2026-06-09T23:47:42","cvss":4.8,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-41697"],"products":["Spring Data JDBC","Spring Data JDBC","Spring Data R2DBC","Spring Data JDBC","Spring Data R2DBC","Spring Data Relational","Spring Data R2DBC","Spring Data JDBC","Spring Data Relational","Spring Data JDBC","Spring Data JDBC","Spring Data R2DBC","Spring Data Relational","Spring Data R2DBC","Spring Data JDBC","Spring Data R2DBC","Spring Data R2DBC","Spring Data Relational","Spring Data JDBC","Spring Data R2DBC","Spring Data Relational","Spring Data Relational","Spring Data Relational","Spring Data Relational"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-40988","summary":"An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://spring.io/security/cve-2026-40988"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-10T00:16:49","euvd":{"id":"EUVD-2026-35883","description":"An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service 
by way of an unbounded writer that inflates the compressed SAML payload into memory.\n\nAffected versions:\nSpring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.","published_time":"2026-06-09T23:46:15","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"vmware","references":["https://spring.io/security/cve-2026-40988"],"products":["Spring Security","Spring Security","Spring Security","Spring Security","Spring Security","Spring Security"],"vendors":["Spring"]}},{"cve_id":"CVE-2026-9754","summary":"An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.00031,"ranking_epss":0.09312,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-122207"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:05","euvd":{"id":"EUVD-2026-35853","description":"An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command","published_time":"2026-06-09T22:33:21","cvss":7.1,"cvss_version":"4.0","epss":0.0003,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-122207"],"products":["MongoDB","MongoDB"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9747","summary":"Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb 
server.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.0004,"ranking_epss":0.12298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123918"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35863","description":"Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.","published_time":"2026-06-09T22:05:24","cvss":7.1,"cvss_version":"4.0","epss":0.0004,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123918"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9748","summary":"The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal \"skip this document\" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.0006,"ranking_epss":0.18921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123951"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35864","description":"The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal \"skip this document\" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. 
When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod.","published_time":"2026-06-09T22:08:22","cvss":7.1,"cvss_version":"4.0","epss":0.0006,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123951"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9749","summary":"This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal \"high watermark\" for that key range is not updated as intended.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.0004,"ranking_epss":0.12298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-124031"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35865","description":"This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. 
If a single key range produces enough documents to fill its exchange buffer (that is, many results are routed to the same consumer), the server reaches the code path where a full per-consumer buffer is detected but the internal \"high watermark\" for that key range is not updated as intended.","published_time":"2026-06-09T22:10:45","cvss":7.1,"cvss_version":"4.0","epss":0.0004,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-124031"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9750","summary":"An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.0006,"ranking_epss":0.18921,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123633"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35866","description":"An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. 
This stems from insufficient separation between user-controlled document fields and internal metadata in certain execution paths.","published_time":"2026-06-09T22:17:08","cvss":7.1,"cvss_version":"4.0","epss":0.0006,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123633"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9751","summary":"The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.","cvss":6.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":6.8,"epss":0.00012,"ranking_epss":0.0192,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123370"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35867","description":"The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.","published_time":"2026-06-09T22:24:25","cvss":6.8,"cvss_version":"4.0","epss":0.0001,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123370"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9752","summary":"An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.\n\nStrict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer 
dereference.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.00046,"ranking_epss":0.14671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123440"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35851","description":"An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS.\n\nStrict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.","published_time":"2026-06-09T22:27:49","cvss":7.1,"cvss_version":"4.0","epss":0.0005,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123440"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9753","summary":"The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.","cvss":7.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":7.2,"epss":0.00063,"ranking_epss":0.19774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-124959"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:04","euvd":{"id":"EUVD-2026-35852","description":"The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. 
$_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.","published_time":"2026-06-09T22:30:57","cvss":7.2,"cvss_version":"4.0","epss":0.0006,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-124959"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9735","summary":"MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.","cvss":6.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":6.8,"epss":0.00016,"ranking_epss":0.03599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-126506"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:03","euvd":{"id":"EUVD-2026-35856","description":"MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction.","published_time":"2026-06-09T22:40:55","cvss":6.8,"cvss_version":"4.0","epss":0.0002,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-126506"],"products":["MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9740","summary":"A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. 
The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.0003,"ranking_epss":0.09123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-125063"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:03","euvd":{"id":"EUVD-2026-35857","description":"A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions, where each re-entry resets internal depth tracking.","published_time":"2026-06-09T22:43:44","cvss":8.7,"cvss_version":"4.0","epss":0.0003,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-125063"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9741","summary":"A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE)  results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.00013,"ranking_epss":0.01978,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123507"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:03","euvd":{"id":"EUVD-2026-35859","description":"A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or 
Client-Side Field Level Encryption (CSFLE)  results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.","published_time":"2026-06-09T21:56:01","cvss":7.1,"cvss_version":"4.0","epss":0.0001,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123507"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9742","summary":"When OIDC authentication is enabled in configuration, clients may set specific values in the \"mechanism\" parameter of the \"authenticate\" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.","cvss":8.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.2,"epss":0.00069,"ranking_epss":0.21464,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-124183"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:03","euvd":{"id":"EUVD-2026-35860","description":"When OIDC authentication is enabled in configuration, clients may set specific values in the \"mechanism\" parameter of the \"authenticate\" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.","published_time":"2026-06-09T21:57:46","cvss":8.2,"cvss_version":"4.0","epss":0.0007,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-124183"],"products":["MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9743","summary":"In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. 
If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid address and crashing the process. This issue allows an authenticated user who can run aggregation pipelines to cause a denial of service by issuing a specially crafted aggregation followed by getMore on affected versions.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.00046,"ranking_epss":0.14607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-123688"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:03","euvd":{"id":"EUVD-2026-35861","description":"In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid address and crashing the process. This issue allows an authenticated user who can run aggregation pipelines to cause a denial of service by issuing a specially crafted aggregation followed by getMore on affected versions.","published_time":"2026-06-09T21:59:34","cvss":7.1,"cvss_version":"4.0","epss":0.0005,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-123688"],"products":["MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-9746","summary":"When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. 
The user must be logged in to issue the statement.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.0004,"ranking_epss":0.12298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://jira.mongodb.org/browse/SERVER-124190"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:17:03","euvd":{"id":"EUVD-2026-35862","description":"When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement.","published_time":"2026-06-09T22:02:12","cvss":7.1,"cvss_version":"4.0","epss":0.0004,"assigner":"mongodb","references":["https://jira.mongodb.org/browse/SERVER-124190"],"products":["MongoDB Server","MongoDB Server","MongoDB Server","MongoDB Server"],"vendors":["MONGODB"]}},{"cve_id":"CVE-2026-46373","summary":"SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.1.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-wmhf-fqc8-vxhh"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:16:59","euvd":{"id":"EUVD-2026-35854","description":"SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. 
Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.1.0.","published_time":"2026-06-09T22:38:33","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-wmhf-fqc8-vxhh"],"products":["sqlfluff"],"vendors":["sqlfluff"]}},{"cve_id":"CVE-2026-46374","summary":"SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.2.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-73jc-5mrq-prw7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:16:59","euvd":{"id":"EUVD-2026-35855","description":"SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. 
This issue has been patched in version 4.2.0.","published_time":"2026-06-09T22:40:40","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-73jc-5mrq-prw7"],"products":["sqlfluff"],"vendors":["sqlfluff"]}},{"cve_id":"CVE-2026-46433","summary":"lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2 * ETHER_ADDR_LEN - 4, causing a 4-byte heap buffer over-read past the malloc(h_mtu) allocation when the received frame size equals the interface MTU. This issue has been patched in version 1.0.22.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.0357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/lldpd/lldpd/commit/ca931be63a9cae0fcd8e9b6ae4e916d49f141cd6","https://github.com/lldpd/lldpd/pull/787","https://github.com/lldpd/lldpd/releases/tag/1.0.22","https://github.com/lldpd/lldpd/security/advisories/GHSA-2g8p-2h3j-63m3"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:16:59","euvd":{"id":"EUVD-2026-35858","description":"lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2 * ETHER_ADDR_LEN - 4, causing a 4-byte heap buffer over-read past the malloc(h_mtu) allocation when the received frame size equals the interface MTU. 
This issue has been patched in version 1.0.22.","published_time":"2026-06-09T22:49:02","cvss":6.5,"cvss_version":"3.1","epss":0.0002,"assigner":"GitHub_M","references":["https://github.com/lldpd/lldpd/security/advisories/GHSA-2g8p-2h3j-63m3","https://github.com/lldpd/lldpd/pull/787","https://github.com/lldpd/lldpd/commit/ca931be63a9cae0fcd8e9b6ae4e916d49f141cd6","https://github.com/lldpd/lldpd/releases/tag/1.0.22"],"products":["lldpd"],"vendors":["lldpd"]}},{"cve_id":"CVE-2026-44963","summary":"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.","cvss":9.4,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":9.4,"epss":0.00586,"ranking_epss":0.69552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.veeam.com/kb4869"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:16:52","euvd":{"id":"EUVD-2026-35868","description":"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.","published_time":"2026-06-09T22:27:01","cvss":9.4,"cvss_version":"4.0","epss":0.0059,"assigner":"hackerone","references":["https://www.veeam.com/kb4869"],"products":["Backup and Replication"],"vendors":["Veeam"]}},{"cve_id":"CVE-2026-10238","summary":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.","cvss":null,"cvss_version":null,"cvss_v2":null,"cvss_v3":null,"cvss_v4":null,"epss":null,"ranking_epss":null,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":[],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T23:16:45","euvd":null},{"cve_id":"CVE-2026-47902","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. 
An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:25","euvd":{"id":"EUVD-2026-35846","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:54","cvss":6.2,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47903","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue does not require user interaction.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:25","euvd":{"id":"EUVD-2026-35847","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:54","cvss":6.2,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47904","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:25","euvd":{"id":"EUVD-2026-35848","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. 
An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:55","cvss":6.2,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47905","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:25","euvd":{"id":"EUVD-2026-35845","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. 
Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:53","cvss":6.2,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34711","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.22048,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:24","euvd":{"id":"EUVD-2026-35850","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:57","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34712","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue does not require user interaction.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00107,"ranking_epss":0.28432,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:24","euvd":{"id":"EUVD-2026-35849","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:56","cvss":7.5,"cvss_version":"3.1","epss":0.0011,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34713","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12068,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:24","euvd":{"id":"EUVD-2026-35843","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. 
An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T21:21:51","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-25860","summary":"OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with JavaScript payloads in metadata fields such as Study Description, which are reflected without sanitization in popup.jsp and archiving/uploadfiles_jsp.java when processed through the Upload DICOM images feature.","cvss":5.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":5.3,"epss":0.0001,"ranking_epss":0.01085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/partywavesec/CVE-2026-25860","https://www.partywave.site/show/research/cve-2026-25860-openclinic-ga-xss-to-rce","https://www.vulncheck.com/advisories/openclinic-ga-reflected-xss-via-dicom-image-upload-handler"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:22","euvd":{"id":"EUVD-2026-35842","description":"OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. 
Attackers can craft a DICOM file with JavaScript payloads in metadata fields such as Study Description, which are reflected without sanitization in popup.jsp and archiving/uploadfiles_jsp.java when processed through the Upload DICOM images feature.","published_time":"2026-06-09T21:09:44","cvss":5.3,"cvss_version":"4.0","epss":0.0001,"assigner":"VulnCheck","references":["https://www.partywave.site/show/research/cve-2026-25860-openclinic-ga-xss-to-rce","https://github.com/partywavesec/CVE-2026-25860","https://www.vulncheck.com/advisories/openclinic-ga-reflected-xss-via-dicom-image-upload-handler"],"products":["OpenClinic GA"],"vendors":["frankverbeke"]}},{"cve_id":"CVE-2026-34417","summary":"OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to the project_id variable without sanitization in oscal-functions.php, and when the supplied project ID is not found, the unsanitized value is concatenated into an error message via the Messages() function and reflected into the HTML response body without encoding.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":5.1,"epss":0.00055,"ranking_epss":0.17644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gist.github.com/cyberinforepo/5a8d369a005826b6b42bfeed9607c2dd","https://www.vulncheck.com/advisories/oscal-gui-reflected-xss-via-project-parameter-in-oscal-forms-php"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:22","euvd":{"id":"EUVD-2026-35841","description":"OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in 
oscal-forms.php. The parameter value is URL-decoded and assigned to the project_id variable without sanitization in oscal-functions.php, and when the supplied project ID is not found, the unsanitized value is concatenated into an error message via the Messages() function and reflected into the HTML response body without encoding.","published_time":"2026-06-09T21:02:40","cvss":5.1,"cvss_version":"4.0","epss":0.0006,"assigner":"VulnCheck","references":["https://gist.github.com/cyberinforepo/5a8d369a005826b6b42bfeed9607c2dd","https://www.vulncheck.com/advisories/oscal-gui-reflected-xss-via-project-parameter-in-oscal-forms-php"],"products":["OSCAL-GUI"],"vendors":["brian-ruf"]}},{"cve_id":"CVE-2026-34657","summary":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.07126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T22:16:22","euvd":{"id":"EUVD-2026-35844","description":"CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to unauthorized files or directories outside of intended restrictions. 
Exploitation of this issue requires user interaction in that a victim must extract a maliciously crafted file.","published_time":"2026-06-09T21:21:52","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-61.html"],"products":["CAI Content Credentials"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48291","summary":"Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/formatplugins/apsb26-65.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:25","euvd":{"id":"EUVD-2026-35835","description":"Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:38:43","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/formatplugins/apsb26-65.html"],"products":["Format Plugins"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48292","summary":"Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/formatplugins/apsb26-65.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:25","euvd":{"id":"EUVD-2026-35834","description":"Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:38:42","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/formatplugins/apsb26-65.html"],"products":["Format Plugins"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48303","summary":"Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00498,"ranking_epss":0.66346,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/campaign/apsb26-66.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:25","euvd":{"id":"EUVD-2026-35838","description":"Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. 
Scope is changed.","published_time":"2026-06-09T20:59:03","cvss":10.0,"cvss_version":"3.1","epss":0.005,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/campaign/apsb26-66.html"],"products":["Adobe Campaign Classic (ACC)"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47955","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:24","euvd":{"id":"EUVD-2026-35819","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:17","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47959","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:24","euvd":{"id":"EUVD-2026-35808","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:08","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47960","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
Scope is changed.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00112,"ranking_epss":0.29337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:24","euvd":{"id":"EUVD-2026-35831","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","published_time":"2026-06-09T20:33:37","cvss":7.4,"cvss_version":"3.1","epss":0.0011,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47961","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:24","euvd":{"id":"EUVD-2026-35813","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:12","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47931","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:23","euvd":{"id":"EUVD-2026-35829","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue does not require user interaction. Scope is changed.","published_time":"2026-06-09T20:33:35","cvss":8.4,"cvss_version":"3.1","epss":0.0004,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47932","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00024,"ranking_epss":0.07231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:23","euvd":{"id":"EUVD-2026-35832","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
Scope is changed.","published_time":"2026-06-09T20:33:38","cvss":8.8,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47933","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","cvss":4.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.8,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:23","euvd":{"id":"EUVD-2026-35827","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T20:33:33","cvss":4.8,"cvss_version":"3.1","epss":0.0004,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47937","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
Scope is changed.","cvss":7.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.4,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:23","euvd":{"id":"EUVD-2026-35826","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","published_time":"2026-06-09T20:05:51","cvss":7.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47938","summary":"Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.","cvss":10.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":10.0,"cvss_v4":null,"epss":0.00094,"ranking_epss":0.26171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/campaign/apsb26-66.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:23","euvd":{"id":"EUVD-2026-35839","description":"Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. 
Scope is changed.","published_time":"2026-06-09T20:59:05","cvss":10.0,"cvss_version":"3.1","epss":0.0009,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/campaign/apsb26-66.html"],"products":["Adobe Campaign Classic (ACC)"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47952","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:23","euvd":{"id":"EUVD-2026-35821","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:19","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47921","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35815","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:14","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47923","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35822","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. 
An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:20","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47924","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00027,"ranking_epss":0.08055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35818","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:16","cvss":5.5,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47925","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. 
An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35810","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:09","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47926","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35816","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:15","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47928","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00036,"ranking_epss":0.11013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35830","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue does not require user interaction. Scope is changed.","published_time":"2026-06-09T20:33:36","cvss":9.6,"cvss_version":"3.1","epss":0.0004,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47929","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0002,"ranking_epss":0.05772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35833","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.","published_time":"2026-06-09T20:33:38","cvss":8.4,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47930","summary":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. 
A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22558,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:22","euvd":{"id":"EUVD-2026-35828","description":"ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.","published_time":"2026-06-09T20:33:34","cvss":8.1,"cvss_version":"3.1","epss":0.0007,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html"],"products":["ColdFusion"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47913","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35812","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:11","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47914","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35811","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:10","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47915","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35823","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:21","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47916","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35825","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:22","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47917","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35820","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:18","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47918","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35824","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:22","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47919","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35817","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:16","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47920","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:21","euvd":{"id":"EUVD-2026-35814","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:13","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47911","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:20","euvd":{"id":"EUVD-2026-35807","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:07","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47912","summary":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:20","euvd":{"id":"EUVD-2026-35809","description":"Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T20:01:09","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/acrobat/apsb26-63.html"],"products":["Acrobat Reader"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34416","summary":"OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. 
Attackers can craft a malicious URL containing unsanitized input that breaks out of the JavaScript string and HTML attribute context in the body onload event handler to execute arbitrary scripts when the link is visited by a victim.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":5.1,"epss":0.00069,"ranking_epss":0.21385,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gist.github.com/cyberinforepo/5a8d369a005826b6b42bfeed9607c2dd","https://www.vulncheck.com/advisories/oscal-gui-reflected-xss-via-project-parameter-in-oscal-php"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:08","euvd":{"id":"EUVD-2026-35840","description":"OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that breaks out of the JavaScript string and HTML attribute context in the body onload event handler to execute arbitrary scripts when the link is visited by a victim.","published_time":"2026-06-09T20:59:29","cvss":5.1,"cvss_version":"4.0","epss":0.0007,"assigner":"VulnCheck","references":["https://gist.github.com/cyberinforepo/5a8d369a005826b6b42bfeed9607c2dd","https://www.vulncheck.com/advisories/oscal-gui-reflected-xss-via-project-parameter-in-oscal-php"],"products":["OSCAL-GUI"],"vendors":["brian-ruf"]}},{"cve_id":"CVE-2026-25557","summary":"Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. 
Attackers can inject arbitrary JavaScript via crafted dir parameter values by breaking out of the title context or injecting event handlers into breadcrumb anchor attributes to execute malicious scripts in a victim's browser.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":5.1,"epss":0.00029,"ranking_epss":0.08714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gist.github.com/cyberinforepo/d62cf53ef42ff703ca67792d49bf6780","https://www.evoluted.net/blog/development/php-directory-listing-script","https://www.vulncheck.com/advisories/evoluted-php-directory-listing-script-reflected-xss-via-dir-parameter"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:04","euvd":{"id":"EUVD-2026-35836","description":"Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. 
Attackers can inject arbitrary JavaScript via crafted dir parameter values by breaking out of the title context or injecting event handlers into breadcrumb anchor attributes to execute malicious scripts in a victim's browser.","published_time":"2026-06-09T20:49:31","cvss":5.1,"cvss_version":"4.0","epss":0.0003,"assigner":"VulnCheck","references":["https://gist.github.com/cyberinforepo/d62cf53ef42ff703ca67792d49bf6780","https://www.evoluted.net/blog/development/php-directory-listing-script","https://www.vulncheck.com/advisories/evoluted-php-directory-listing-script-reflected-xss-via-dir-parameter"],"products":["PHP Directory Listing Script"],"vendors":["Evoluted"]}},{"cve_id":"CVE-2025-71319","summary":"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":8.7,"epss":0.00098,"ranking_epss":0.26891,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities","https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439","https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:03","euvd":{"id":"EUVD-2025-210087","description":"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. 
Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.","published_time":"2026-06-09T19:57:16","cvss":8.7,"cvss_version":"4.0","epss":0.0011,"assigner":"VulnCheck","references":["https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities","https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439","https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"],"products":["image-size","image-size","image-size","image-size"],"vendors":["image-size"]}},{"cve_id":"CVE-2026-11799","summary":"UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.09988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1975667","https://www.mozilla.org/security/advisories/mfsa2026-55/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T21:17:03","euvd":{"id":"EUVD-2026-35837","description":"UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.","published_time":"2026-06-09T20:52:02","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mozilla","references":["https://bugzilla.mozilla.org/show_bug.cgi?id=1975667","https://www.mozilla.org/security/advisories/mfsa2026-55/"],"products":[],"vendors":[]}},{"cve_id":"CVE-2026-48306","summary":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"vendor":"adobe","product":"substance_3d_sampler","version":null,"published_time":"2026-06-09T20:17:02","euvd":{"id":"EUVD-2026-35800","description":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T19:15:39","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"products":["Substance3D - Sampler"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-6444","summary":"A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges.","cvss":8.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.6,"epss":0.00038,"ranking_epss":0.11868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:17:02","euvd":{"id":"EUVD-2026-35793","description":"A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned 
privileges.","published_time":"2026-06-09T18:40:26","cvss":8.6,"cvss_version":"4.0","epss":0.0004,"assigner":"Everpure","references":["https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"],"products":["FlashArray"],"vendors":["Everpure"]}},{"cve_id":"CVE-2026-6445","summary":"A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":8.7,"epss":0.00038,"ranking_epss":0.11868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:17:02","euvd":{"id":"EUVD-2026-35792","description":"A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges.","published_time":"2026-06-09T18:40:03","cvss":8.7,"cvss_version":"4.0","epss":0.0004,"assigner":"Everpure","references":["https://support.purestorage.com/bundle/m_security_bulletins/page/Pure_Security/topics/concept/c_security_bulletins.html"],"products":["FlashArray","FlashArray"],"vendors":["Everpure"]}},{"cve_id":"CVE-2026-48305","summary":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"vendor":"adobe","product":"substance_3d_sampler","version":null,"published_time":"2026-06-09T20:17:01","euvd":{"id":"EUVD-2026-35798","description":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T19:15:37","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"products":["Substance3D - Sampler"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47909","summary":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
Scope is changed.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00031,"ranking_epss":0.09564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:17:00","euvd":{"id":"EUVD-2026-35806","description":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","published_time":"2026-06-09T19:24:09","cvss":6.3,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"products":["Dreamweaver Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47910","summary":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
Scope is changed.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:17:00","euvd":{"id":"EUVD-2026-35805","description":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","published_time":"2026-06-09T19:24:08","cvss":6.3,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"products":["Dreamweaver Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47106","summary":"Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding during DOM insertion. 
An attacker with Banner ERP write access can store malicious JavaScript in fields such as faculty displayName, emailAddress, subjectDescription, or courseTitle; these values are subsequently served unsanitized by the unauthenticated getFacultyMeetingTimes API endpoint, causing arbitrary script execution in the browser of any user who views the affected course's meeting times.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":5.1,"epss":0.0003,"ranking_epss":0.09182,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ellucian.com/assets/en/brochure/brochure-learn-more-about-ellucian-banner-self-service.pdf","https://www.ellucian.com/security-researcher-hall-of-fame","https://www.vulncheck.com/advisories/ellucian-banner-self-service-stored-xss-via-getfacultymeetingtimes-api"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:16:59","euvd":{"id":"EUVD-2026-35796","description":"Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding during DOM insertion. 
An attacker with Banner ERP write access can store malicious JavaScript in fields such as faculty displayName, emailAddress, subjectDescription, or courseTitle; these values are subsequently served unsanitized by the unauthenticated getFacultyMeetingTimes API endpoint, causing arbitrary script execution in the browser of any user who views the affected course's meeting times.","published_time":"2026-06-09T19:15:05","cvss":5.1,"cvss_version":"4.0","epss":0.0003,"assigner":"VulnCheck","references":["https://www.ellucian.com/security-researcher-hall-of-fame","https://www.ellucian.com/assets/en/brochure/brochure-learn-more-about-ellucian-banner-self-service.pdf","https://www.vulncheck.com/advisories/ellucian-banner-self-service-stored-xss-via-getfacultymeetingtimes-api"],"products":["Banner Self-Service","Banner Self-Service"],"vendors":["Ellucian"]}},{"cve_id":"CVE-2026-47906","summary":"Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:16:59","euvd":{"id":"EUVD-2026-35803","description":"Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
Scope is changed.","published_time":"2026-06-09T19:24:06","cvss":8.6,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"products":["Dreamweaver Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47907","summary":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:16:59","euvd":{"id":"EUVD-2026-35804","description":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.","published_time":"2026-06-09T19:24:07","cvss":8.2,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"products":["Dreamweaver Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47908","summary":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:16:59","euvd":{"id":"EUVD-2026-35802","description":"Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T19:24:05","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html"],"products":["Dreamweaver Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34709","summary":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"vendor":"adobe","product":"substance_3d_sampler","version":null,"published_time":"2026-06-09T20:16:39","euvd":{"id":"EUVD-2026-35797","description":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T19:15:36","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"products":["Substance3D - Sampler"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34710","summary":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"vendor":"adobe","product":"substance_3d_sampler","version":null,"published_time":"2026-06-09T20:16:39","euvd":{"id":"EUVD-2026-35799","description":"Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T19:15:38","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html"],"products":["Substance3D - Sampler"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-32856","summary":"Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the dateConverter endpoint. 
Attackers can craft a malicious URL targeting the unauthenticated dateConverter endpoint to steal session cookies or perform other malicious actions in the context of the victim's browser session.","cvss":5.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":5.1,"epss":0.00061,"ranking_epss":0.19391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.ellucian.com/assets/en/brochure/brochure-learn-more-about-ellucian-banner-self-service.pdf","https://www.ellucian.com/security-researcher-hall-of-fame","https://www.vulncheck.com/advisories/ellucian-banner-self-service-reflected-xss-via-dateconverter"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T20:16:34","euvd":{"id":"EUVD-2026-35795","description":"Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the dateConverter endpoint. 
Attackers can craft a malicious URL targeting the unauthenticated dateConverter endpoint to steal session cookies or perform other malicious actions in the context of the victim's browser session.","published_time":"2026-06-09T19:14:52","cvss":5.1,"cvss_version":"4.0","epss":0.0006,"assigner":"VulnCheck","references":["https://www.ellucian.com/security-researcher-hall-of-fame","https://www.ellucian.com/assets/en/brochure/brochure-learn-more-about-ellucian-banner-self-service.pdf","https://www.vulncheck.com/advisories/ellucian-banner-self-service-reflected-xss-via-dateconverter"],"products":["Banner Self-Service","Banner Self-Service"],"vendors":["Ellucian"]}},{"cve_id":"CVE-2026-11822","summary":"SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.","cvss":8.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.5,"epss":0.00013,"ranking_epss":0.0239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://sqlite.org/releaselog/3_53_2.html","https://sqlite.org/src/info/061febcf41ca","https://sqlite.org/src/info/4a5ad516ea93","https://www.vulncheck.com/advisories/sqlite-before-memory-corruption-in-fts5-extension"],"vendor":"sqlite","product":"sqlite","version":null,"published_time":"2026-06-09T20:16:32","euvd":{"id":"EUVD-2026-35794","description":"SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code 
execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bounds read in fts5LeafSeek() via an attacker-controlled loop bound and a heap buffer overflow write in fts5ChunkIterate() through a crafted continuation page causing an integer underflow, exploitable when an FTS5 MATCH query is executed against the malicious database.","published_time":"2026-06-09T19:08:31","cvss":8.5,"cvss_version":"4.0","epss":0.0001,"assigner":"VulnCheck","references":["https://sqlite.org/src/info/061febcf41ca","https://sqlite.org/src/info/4a5ad516ea93","https://sqlite.org/releaselog/3_53_2.html","https://www.vulncheck.com/advisories/sqlite-before-memory-corruption-in-fts5-extension"],"products":["SQLite"],"vendors":["SQLite"]}},{"cve_id":"CVE-2026-11824","summary":"SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. 
Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.","cvss":8.5,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":8.5,"epss":0.00013,"ranking_epss":0.0239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://sqlite.org/releaselog/3_53_2.html","https://sqlite.org/src/info/061febcf41ca","https://sqlite.org/src/info/4a5ad516ea93","https://www.vulncheck.com/advisories/sqlite-before-heap-buffer-overflow-via-fts5-fts5chunkiterate"],"vendor":"sqlite","product":"sqlite","version":null,"published_time":"2026-06-09T20:16:32","euvd":{"id":"EUVD-2026-35801","description":"SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.","published_time":"2026-06-09T19:21:42","cvss":8.5,"cvss_version":"4.0","epss":0.0001,"assigner":"VulnCheck","references":["https://sqlite.org/src/info/061febcf41ca","https://sqlite.org/src/info/4a5ad516ea93","https://sqlite.org/releaselog/3_53_2.html","https://www.vulncheck.com/advisories/sqlite-before-heap-buffer-overflow-via-fts5-fts5chunkiterate"],"products":["SQLite"],"vendors":["SQLite"]}},{"cve_id":"CVE-2026-8863","summary":"Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. 
An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":5e-05,"ranking_epss":0.00267,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://kb.cert.org/vuls/id/616257","https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863","https://www.kb.cert.org/vuls/id/616257"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:59","euvd":{"id":"EUVD-2026-35791","description":"Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. 
Specific UEFI DBX update is required to block these vulnerable boot loaders.","published_time":"2026-06-09T18:10:15","cvss":7.8,"cvss_version":"3.1","epss":0.0001,"assigner":"certcc","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-8863","https://kb.cert.org/vuls/id/616257"],"products":["Service Center Enterprise","Factory for Linux (Bootable Diagnostics)","Service Center Japan","Abitti 1","RosaLinux","OracleLinux(7.2) shim","WhiteCanyon WipeDrive","Baramundi Management Suite","RosaLinux","Service Center Drive Erase","OpenSUSE shim","Service Center","Network Factory for Linux (Bootable Diagnostics)","WTGCreator"],"vendors":["NTC IT ROSA LLC","Blancco UK","PC-Doctor","Spyrus","Oracle Corporation","Baramundi Software","SUSE Linux","Finland Matriculation Board"]}},{"cve_id":"CVE-2026-40639","summary":"Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.","cvss":5.7,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.7,"cvss_v4":null,"epss":0.00019,"ranking_epss":0.053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.dell.com/support/kbdoc/en-us/000453482/dsa-2026-197"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:53","euvd":{"id":"EUVD-2026-35789","description":"Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. 
An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.","published_time":"2026-06-09T18:04:53","cvss":5.7,"cvss_version":"3.1","epss":0.0002,"assigner":"dell","references":["https://www.dell.com/support/kbdoc/en-us/000453482/dsa-2026-197"],"products":["Dell Edge Gateway 3000","Precision 3930 Rack","Dell Precision 3930 Rack","Latitude 7220 Rugged Extreme","Latitude Rugged 5424","Dell Edge Gateway 5000","Latitude Rugged 7220EX","Latitude Rugged 7424","DELL EMBEDDED PC 3000","Dell Precision 3630 Tower","Latitude Rugged 5420","DELL EMBEDDED PC 5000"],"vendors":["Dell"]}},{"cve_id":"CVE-2026-36823","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWebAuthUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:48","euvd":{"id":"EUVD-2026-35968","description":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0025,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWebAuthUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-39169","summary":"SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11609,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gist.github.com/ql288470-pixel/c30caddaa3204d49d82317bb92bffa43","https://gist.github.com/ql288470-pixel/c30caddaa3204d49d82317bb92bffa43"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:48","euvd":{"id":"EUVD-2026-35970","description":"SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://gist.github.com/ql288470-pixel/c30caddaa3204d49d82317bb92bffa43"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-39170","summary":"SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00017,"ranking_epss":0.04205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://gist.github.com/ql288470-pixel/41e01787357416458212dbbfd06c6d73"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:48","euvd":{"id":"EUVD-2026-35971","description":"SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to 
/admin/semcms_user.php.","published_time":"2026-06-09T00:00:00","cvss":6.3,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://gist.github.com/ql288470-pixel/41e01787357416458212dbbfd06c6d73"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36815","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formSetNetCheckTools"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35960","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formSetNetCheckTools"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36816","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWewifiWhiteUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35961","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWewifiWhiteUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36817","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWebAuthWhiteUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35962","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWebAuthWhiteUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36818","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWewifiWhiteUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35963","description":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWewifiWhiteUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36819","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/fromSetDhcpRules"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35964","description":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0025,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/fromSetDhcpRules"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36820","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWebAuthWhiteUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35965","description":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0025,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formAddWebAuthWhiteUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36821","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formCropAndSetWewifiPic"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35966","description":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0025,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formCropAndSetWewifiPic"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36822","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formDelStaState"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:47","euvd":{"id":"EUVD-2026-35967","description":"Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0025,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W20E/formDelStaState"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36803","summary":"Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/qossetting","https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/qossetting"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35951","description":"Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/qossetting"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36805","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/L7IM"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35952","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/L7IM"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36806","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formModifyWebAuthUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35953","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formModifyWebAuthUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36807","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWebAuthUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35954","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWebAuthUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36808","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWebAuthUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35955","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formAddWebAuthUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36809","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formModifyWebAuthWhiteUser"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35956","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formModifyWebAuthWhiteUser"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36810","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formPortalAuth"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35957","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formPortalAuth"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36811","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formDelwebAuthPic"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35958","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formDelwebAuthPic"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36813","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formCropAndSetWewifiPic"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:46","euvd":{"id":"EUVD-2026-35959","description":"Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W15E/formCropAndSetWewifiPic"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36796","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formCropAndSetWewifiPic"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35944","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formCropAndSetWewifiPic"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36797","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindModify"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35945","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindModify"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36798","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. 
These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00159,"ranking_epss":0.36578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formSetDebugCfg"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35946","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formSetDebugCfg"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36799","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formPortalAuth"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35947","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formPortalAuth"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36800","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindDel","https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindDel"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35948","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindDel"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36801","summary":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindAdd","https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindAdd"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35949","description":"Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/G0/formIPMacBindAdd"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36802","summary":"Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/SafeMacFilter","https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/SafeMacFilter"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:45","euvd":{"id":"EUVD-2026-35950","description":"Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/PW201A/SafeMacFilter"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36778","summary":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":4.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.9,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.35275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/R7WebsSecurityHandler"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35936","description":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":4.9,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/R7WebsSecurityHandler"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36779","summary":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. 
These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromVirtualSer","https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromVirtualSer"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35937","description":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromVirtualSer"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36783","summary":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet","https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35938","description":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36784","summary":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet_ip"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35939","description":"Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/fromNetToolGet_ip"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36791","summary":"Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/formSetCfm","https://github.com/xhh0124/SemVulLLM/tree/main/O3/formSetCfm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35940","description":"Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/O3/formSetCfm"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36792","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formWifiRadioSet"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35941","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formWifiRadioSet"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36793","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/FUN_00442b44","https://github.com/xhh0124/SemVulLLM/tree/main/W3/FUN_00442b44"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35942","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. 
These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/FUN_00442b44"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36794","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00254,"ranking_epss":0.48992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/R7WebsSecurityHandler","https://github.com/xhh0124/SemVulLLM/tree/main/W3/R7WebsSecurityHandler"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:44","euvd":{"id":"EUVD-2026-35943","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. 
These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/R7WebsSecurityHandler"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36726","summary":"An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00589,"ranking_epss":0.69631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-11","https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-11"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35928","description":"An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences.","published_time":"2026-06-09T00:00:00","cvss":5.3,"cvss_version":"3.1","epss":0.0012,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-11"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36727","summary":"An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT 
token.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.12986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-1","https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-1"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35929","description":"An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.","published_time":"2026-06-09T00:00:00","cvss":9.1,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-1"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36728","summary":"A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-7"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35930","description":"A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat 
message.","published_time":"2026-06-09T00:00:00","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-7"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36770","summary":"Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/ask_to_reboot"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35931","description":"Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/ask_to_reboot"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36771","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formwrlSSIDset"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35932","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formwrlSSIDset"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36772","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formwrlSSIDget"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35933","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formwrlSSIDget"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36773","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00015,"ranking_epss":0.03572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/ask_to_reboot"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35934","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/ask_to_reboot"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36777","summary":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formSetCfm"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:43","euvd":{"id":"EUVD-2026-35935","description":"Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://github.com/xhh0124/SemVulLLM/tree/main/W3/formSetCfm"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36719","summary":"An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13714,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-3","https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-3"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35921","description":"An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user 
IDs.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-3"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36720","summary":"Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06772,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-3","https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-3"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35922","description":"Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.","published_time":"2026-06-09T00:00:00","cvss":8.1,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-3"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36721","summary":"A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT 
token.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.1605,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-2","https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-2"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35923","description":"A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.","published_time":"2026-06-09T00:00:00","cvss":9.8,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-2"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36722","summary":"An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10561,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-16"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35924","description":"An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.","published_time":"2026-06-09T00:00:00","cvss":5.4,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-16"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36723","summary":"An 
unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.0108,"ranking_epss":0.78255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-17"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35925","description":"An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. 
This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).","published_time":"2026-06-09T00:00:00","cvss":8.8,"cvss_version":"3.1","epss":0.0017,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-17"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36724","summary":"An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00039,"ranking_epss":0.12201,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-8","https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-8"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35926","description":"An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-8"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-36725","summary":"A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content 
parameter.","cvss":6.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.1,"cvss_v4":null,"epss":0.00029,"ranking_epss":0.08804,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-6","https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-6"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:42","euvd":{"id":"EUVD-2026-35927","description":"A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter.","published_time":"2026-06-09T00:00:00","cvss":6.1,"cvss_version":"3.1","epss":0.0003,"assigner":"mitre","references":["https://github.com/CC-T-454455/Vulnerabilities/tree/master/fastapi-admin/vulnerability-6"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-30141","summary":"An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00152,"ranking_epss":0.35662,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/bitbank2/AnimatedGIF/issues/115","https://github.com/bitbank2/AnimatedGIF/issues/115"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:32","euvd":{"id":"EUVD-2026-35920","description":"An issue was discovered in bitbank2 AnimatedGIF v2.2.0. 
A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.","published_time":"2026-06-09T00:00:00","cvss":9.8,"cvss_version":"3.1","epss":0.0015,"assigner":"mitre","references":["https://github.com/bitbank2/AnimatedGIF/issues/115"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2025-52292","summary":"A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://infosec.exchange/@sigdevel/116707273214520860"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2025-210088","description":"A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://infosec.exchange/@sigdevel/116707273214520860"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2025-52293","summary":"A segmentation violation in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://infosec.exchange/@sigdevel/116710484148913883"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2025-210089","description":"A segmentation violation in the 
gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://infosec.exchange/@sigdevel/116710484148913883"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2025-55651","summary":"A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://infosec.exchange/@sigdevel/116710512103919834","https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/4/4_poc.mp4"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2025-210090","description":"A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","published_time":"2026-06-09T00:00:00","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://infosec.exchange/@sigdevel/116710512103919834"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2025-55657","summary":"A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 
file.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://infosec.exchange/@sigdevel/116710754169365223"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2025-210091","description":"A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"mitre","references":["https://infosec.exchange/@sigdevel/116710754169365223"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2025-55658","summary":"GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10425,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://infosec.exchange/@sigdevel/116710224797830572"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2025-210092","description":"GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0003,"assigner":"mitre","references":["https://infosec.exchange/@sigdevel/116710224797830572"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2025-55659","summary":"A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00034,"ranking_epss":0.10473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://infosec.exchange/@sigdevel/116710743410087676"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2025-210093","description":"A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.","published_time":"2026-06-09T00:00:00","cvss":6.5,"cvss_version":"3.1","epss":0.0003,"assigner":"mitre","references":["https://infosec.exchange/@sigdevel/116710743410087676"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-10045","summary":"Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. 
These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00038,"ranking_epss":0.11607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://rubenabreu.xyz/post/temu-routers-and-their-implications","https://rubenabreu.xyz/post/temu-routers-and-their-implications"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:17:31","euvd":{"id":"EUVD-2026-35790","description":"Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash, inspect active connections, and view currently connected devices.","published_time":"2026-06-09T18:09:56","cvss":9.8,"cvss_version":"3.1","epss":0.0004,"assigner":"certcc","references":["https://rubenabreu.xyz/post/temu-routers-and-their-implications"],"products":["DR300"],"vendors":["Shenzhen Kangda Xin Intelligent Network Technology Co., Ltd"]}},{"cve_id":"CVE-2023-43688","summary":"An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00023,"ranking_epss":0.06691,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.malwarebytes.com/secure/cves/cve-2023-43688"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:16:42","euvd":{"id":"EUVD-2023-60586","description":"An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). 
There is a Heap buffer overflow in various buffer encryption utilities.","published_time":"2026-06-09T00:00:00","cvss":7.5,"cvss_version":"3.1","epss":0.0002,"assigner":"mitre","references":["https://www.malwarebytes.com/secure/cves/cve-2023-43688"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2023-29146","summary":"The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.0178,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.malwarebytes.com/secure/cves/cve-2023-29146"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:16:41","euvd":{"id":"EUVD-2023-60584","description":"The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.","published_time":"2026-06-09T00:00:00","cvss":8.2,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://www.malwarebytes.com/secure/cves/cve-2023-29146"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2023-43686","summary":"An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). 
A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02141,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.malwarebytes.com/secure/cves/cve-2023-43686"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T19:16:41","euvd":{"id":"EUVD-2023-60585","description":"An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.","published_time":"2026-06-09T00:00:00","cvss":6.2,"cvss_version":"3.1","epss":0.0001,"assigner":"mitre","references":["https://www.malwarebytes.com/secure/cves/cve-2023-43686"],"products":["n/a"],"vendors":["n/a"]}},{"cve_id":"CVE-2026-50635","summary":"LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default (and documented) configuration, so LSHttpRequest::checkIsAllowedHost() results in no operation. A remote, unauthenticated attacker who submits a forgotten-password request for a known account (requiring only the target's username and email) with a spoofed Host header causes LimeSurvey to email that account a reset link whose hostname is attacker-controlled while embedding the genuine validation_key. 
When the recipient or an automated inbound mail-security link scanner dereferences the link, the valid reset token is disclosed to the attacker, who replays it against the legitimate host's newPassword endpoint to set a new password and take over the account.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.00072,"ranking_epss":0.22092,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/LimeSurvey/LimeSurvey/pull/5032","https://www.limesurvey.org/","https://www.vulncheck.com/advisories/limesurvey-password-reset-host-header-injection-discloses-reset-token"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:17:10","euvd":{"id":"EUVD-2026-35769","description":"LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default (and documented) configuration, so LSHttpRequest::checkIsAllowedHost() results in no operation. A remote, unauthenticated attacker who submits a forgotten-password request for a known account (requiring only the target's username and email) with a spoofed Host header causes LimeSurvey to email that account a reset link whose hostname is attacker-controlled while embedding the genuine validation_key. 
When the recipient or an automated inbound mail-security link scanner dereferences the link, the valid reset token is disclosed to the attacker, who replays it against the legitimate host's newPassword endpoint to set a new password and take over the account.","published_time":"2026-06-09T17:34:30","cvss":8.7,"cvss_version":"4.0","epss":0.0007,"assigner":"VulnCheck","references":["https://github.com/LimeSurvey/LimeSurvey/pull/5032","https://www.limesurvey.org/","https://www.vulncheck.com/advisories/limesurvey-password-reset-host-header-injection-discloses-reset-token"],"products":["LimeSurvey"],"vendors":["LimeSurvey"]}},{"cve_id":"CVE-2026-50636","summary":"The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL clause without parameterization or input validation. A remote, authenticated attacker holding the tokens/update permission on a survey can inject a crafted array element to perform SQL injection. Because LimeSurvey configures its PDO connection with emulated prepared statements (emulatePrepare = true) and does not disable MySQL multi-statements, the injection supports stacked queries: the attacker can append arbitrary additional statements (INSERT/UPDATE/DELETE/DROP/CREATE) after the original SELECT. This permits both arbitrary read of any data in the database, such as administrator bcrypt password hashes (lime_users), survey response PII, session records, and global settings, all recoverable via a SLEEP() time-based blind oracle, and arbitrary write/destruction of that data, including directly overwriting the administrator password hash for immediate account takeover or dropping/truncating tables. Reads and writes extend to any schema the application's database user can access. 
The RemoteControl interface (RPCInterface = json/xml) must be enabled, which is not the default.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.00074,"ranking_epss":0.22534,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/LimeSurvey/LimeSurvey/pull/5031","https://www.limesurvey.org/","https://www.vulncheck.com/advisories/limesurvey-remotecontrol-invite-participants-remind-participants-sql-injection"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:17:10","euvd":{"id":"EUVD-2026-35770","description":"The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL clause without parameterization or input validation. A remote, authenticated attacker holding the tokens/update permission on a survey can inject a crafted array element to perform SQL injection. Because LimeSurvey configures its PDO connection with emulated prepared statements (emulatePrepare = true) and does not disable MySQL multi-statements, the injection supports stacked queries: the attacker can append arbitrary additional statements (INSERT/UPDATE/DELETE/DROP/CREATE) after the original SELECT. This permits both arbitrary read of any data in the database, such as administrator bcrypt password hashes (lime_users), survey response PII, session records, and global settings, all recoverable via a SLEEP() time-based blind oracle, and arbitrary write/destruction of that data, including directly overwriting the administrator password hash for immediate account takeover or dropping/truncating tables. Reads and writes extend to any schema the application's database user can access. 
The RemoteControl interface (RPCInterface = json/xml) must be enabled, which is not the default.","published_time":"2026-06-09T17:34:31","cvss":8.7,"cvss_version":"4.0","epss":0.0007,"assigner":"VulnCheck","references":["https://github.com/LimeSurvey/LimeSurvey/pull/5031","https://www.limesurvey.org/","https://www.vulncheck.com/advisories/limesurvey-remotecontrol-invite-participants-remind-participants-sql-injection"],"products":["LimeSurvey"],"vendors":["LimeSurvey"]}},{"cve_id":"CVE-2026-50512","summary":"Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17512,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50512"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:17:09","euvd":{"id":"EUVD-2026-35771","description":"Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:36:32","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50512"],"products":["Microsoft PC Manager"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50511","summary":"Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00091,"ranking_epss":0.25629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50511"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:17:06","euvd":{"id":"EUVD-2026-35772","description":"Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:37:00","cvss":7.8,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50511"],"products":["Microsoft PC Manager"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48293","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:17:03","euvd":{"id":"EUVD-2026-35774","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:48","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48293","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:17:03","euvd":{"id":"EUVD-2026-35774","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:48","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48293","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:17:03","euvd":{"id":"EUVD-2026-35774","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:48","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-44275","summary":"Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00012,"ranking_epss":0.01847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.dell.com/support/kbdoc/en-us/000472463/dsa-2026-250"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:16:49","euvd":{"id":"EUVD-2026-35788","description":"Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. 
A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write","published_time":"2026-06-09T17:51:40","cvss":6.3,"cvss_version":"3.1","epss":0.0001,"assigner":"dell","references":["https://www.dell.com/support/kbdoc/en-us/000472463/dsa-2026-250"],"products":["Dell/Alienware Purchased Apps"],"vendors":["Dell"]}},{"cve_id":"CVE-2026-41116","summary":"Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.","cvss":6.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.3,"cvss_v4":null,"epss":0.00013,"ranking_epss":0.02121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.dell.com/support/kbdoc/en-us/000463760/dsa-2026-215"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:16:44","euvd":{"id":"EUVD-2026-35766","description":"Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.","published_time":"2026-06-09T17:31:23","cvss":6.3,"cvss_version":"3.1","epss":0.0001,"assigner":"dell","references":["https://www.dell.com/support/kbdoc/en-us/000463760/dsa-2026-215"],"products":["Inventory Collector Client"],"vendors":["Dell"]}},{"cve_id":"CVE-2026-34706","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"adobe","product":"incopy","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35786","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:16","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34706","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35786","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:16","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34706","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35786","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:16","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34707","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"adobe","product":"incopy","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35787","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:17","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34707","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35787","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:17","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34707","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35787","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:17","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34708","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"adobe","product":"incopy","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35785","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:15","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34708","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35785","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:15","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34708","summary":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:43","euvd":{"id":"EUVD-2026-35785","description":"InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:49:15","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/incopy/apsb26-59.html"],"products":["InCopy"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34702","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35773","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:47","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34702","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35773","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:47","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34702","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35773","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:47","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34703","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35779","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:52","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34703","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35779","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:52","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34703","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35779","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:52","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34704","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35782","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:55","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34704","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35782","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:55","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34704","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00018,"ranking_epss":0.04839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35782","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:55","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34705","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35776","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:50","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34705","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35776","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. 
An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:50","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34705","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00022,"ranking_epss":0.06415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:42","euvd":{"id":"EUVD-2026-35776","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:50","cvss":5.5,"cvss_version":"3.1","epss":0.0002,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34698","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35778","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:51","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34698","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35778","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:51","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34698","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35778","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:51","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34699","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35777","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:50","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34699","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35777","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:50","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34699","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35777","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:50","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34700","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35781","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:54","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34700","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35781","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:54","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34700","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35781","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:54","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34701","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35784","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:56","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34701","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35784","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:56","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34701","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:41","euvd":{"id":"EUVD-2026-35784","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:56","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34694","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. 
Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.18123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35764","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T17:13:23","cvss":5.9,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34694","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.18123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"apple","product":"iphone_os","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35764","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T17:13:23","cvss":5.9,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34694","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.18123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35764","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T17:13:23","cvss":5.9,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34694","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.18123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"google","product":"android","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35764","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T17:13:23","cvss":5.9,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34694","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.18123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"linux","product":"linux_kernel","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35764","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T17:13:23","cvss":5.9,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34694","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.9,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.18123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35764","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T17:13:23","cvss":5.9,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34695","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35783","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:55","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34695","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35783","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:55","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34695","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35783","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:55","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34696","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35780","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:53","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34696","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35780","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:53","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34696","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00033,"ranking_epss":0.1003,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35780","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:53","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34697","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"adobe","product":"indesign","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35775","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:49","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34697","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35775","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:49","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34697","summary":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00025,"ranking_epss":0.07415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:40","euvd":{"id":"EUVD-2026-35775","description":"InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","published_time":"2026-06-09T17:43:49","cvss":7.8,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/indesign/apsb26-58.html"],"products":["InDesign Desktop"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34693","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T18:16:39","euvd":{"id":"EUVD-2026-35765","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.","published_time":"2026-06-09T17:13:24","cvss":8.0,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34693","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"apple","product":"iphone_os","version":null,"published_time":"2026-06-09T18:16:39","euvd":{"id":"EUVD-2026-35765","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.","published_time":"2026-06-09T17:13:24","cvss":8.0,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34693","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:39","euvd":{"id":"EUVD-2026-35765","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.","published_time":"2026-06-09T17:13:24","cvss":8.0,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34693","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"google","product":"android","version":null,"published_time":"2026-06-09T18:16:39","euvd":{"id":"EUVD-2026-35765","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.","published_time":"2026-06-09T17:13:24","cvss":8.0,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34693","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"linux","product":"linux_kernel","version":null,"published_time":"2026-06-09T18:16:39","euvd":{"id":"EUVD-2026-35765","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.","published_time":"2026-06-09T17:13:24","cvss":8.0,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34693","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. 
Scope is changed.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:39","euvd":{"id":"EUVD-2026-35765","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.","published_time":"2026-06-09T17:13:24","cvss":8.0,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34691","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. 
Scope is changed.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T18:16:38","euvd":{"id":"EUVD-2026-35763","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.","published_time":"2026-06-09T17:13:22","cvss":9.3,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34691","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. 
Scope is changed.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"apple","product":"iphone_os","version":null,"published_time":"2026-06-09T18:16:38","euvd":{"id":"EUVD-2026-35763","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.","published_time":"2026-06-09T17:13:22","cvss":9.3,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34691","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. 
Scope is changed.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"apple","product":"macos","version":null,"published_time":"2026-06-09T18:16:38","euvd":{"id":"EUVD-2026-35763","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.","published_time":"2026-06-09T17:13:22","cvss":9.3,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34691","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. 
Scope is changed.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"google","product":"android","version":null,"published_time":"2026-06-09T18:16:38","euvd":{"id":"EUVD-2026-35763","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.","published_time":"2026-06-09T17:13:22","cvss":9.3,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34691","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. 
Scope is changed.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"linux","product":"linux_kernel","version":null,"published_time":"2026-06-09T18:16:38","euvd":{"id":"EUVD-2026-35763","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.","published_time":"2026-06-09T17:13:22","cvss":9.3,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-34691","summary":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. 
Scope is changed.","cvss":9.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.3,"cvss_v4":null,"epss":0.00097,"ranking_epss":0.26735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"vendor":"microsoft","product":"windows","version":null,"published_time":"2026-06-09T18:16:38","euvd":{"id":"EUVD-2026-35763","description":"Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.","published_time":"2026-06-09T17:13:22","cvss":9.3,"cvss_version":"3.1","epss":0.001,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html"],"products":["Adobe Experience Manager Forms JEE"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-28237","summary":"Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.","cvss":6.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.8,"epss":0.00014,"ranking_epss":0.02779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9025.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:16:37","euvd":{"id":"EUVD-2026-35768","description":"Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of 
availability.","published_time":"2026-06-09T17:34:30","cvss":6.8,"cvss_version":"4.0","epss":0.0001,"assigner":"AMD","references":["https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9025.html"],"products":["AMD μProf"],"vendors":["AMD"]}},{"cve_id":"CVE-2026-0466","summary":"Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.","cvss":6.8,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.8,"epss":0.00014,"ranking_epss":0.02746,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9025.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:16:33","euvd":{"id":"EUVD-2026-35767","description":"Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.","published_time":"2026-06-09T17:33:58","cvss":6.8,"cvss_version":"4.0","epss":0.0001,"assigner":"AMD","references":["https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-9025.html"],"products":["AMD μProf"],"vendors":["AMD"]}},{"cve_id":"CVE-2025-54509","summary":"Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.","cvss":4.0,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.0,"epss":0.00012,"ranking_epss":0.01825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T18:16:32","euvd":{"id":"EUVD-2025-210086","description":"Improper access control 
for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.","published_time":"2026-06-09T17:22:26","cvss":4.0,"cvss_version":"4.0","epss":0.0001,"assigner":"AMD","references":["https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3039.html"],"products":["AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed \"Bergamo\")","AMD EPYC™ Embedded 8004 Series Processors","AMD EPYC™ 9004 Series Processors","AMD EPYC™ 8004 Series Processors","AMD EPYC™ 9005 Series Processors","AMD EPYC™ Embedded 9005 Series Processors","AMD EPYC™ Embedded 9004 Series Processors (formerly codenamed \"Genoa\")"],"vendors":["AMD"]}},{"cve_id":"CVE-2026-9210","summary":"Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and 
functionality.","cvss":4.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":4.9,"epss":0.00057,"ranking_epss":0.18187,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory","https://www.netgear.com/support/product/ex3700/","https://www.netgear.com/support/product/ex3800/","https://www.netgear.com/support/product/ex6120/","https://www.netgear.com/support/product/ex6130/","https://www.netgear.com/support/product/mr60/","https://www.netgear.com/support/product/mr70/","https://www.netgear.com/support/product/mr80/","https://www.netgear.com/support/product/ms60/","https://www.netgear.com/support/product/ms70/","https://www.netgear.com/support/product/ms80/","https://www.netgear.com/support/product/r6400v2/","https://www.netgear.com/support/product/r6700v3/","https://www.netgear.com/support/product/r6900p/","https://www.netgear.com/support/product/r7000/","https://www.netgear.com/support/product/r7000p/","https://www.netgear.com/support/product/r7960p/","https://www.netgear.com/support/product/r8000p/","https://www.netgear.com/support/product/r8500/","https://www.netgear.com/support/product/rax20/","https://www.netgear.com/support/product/rax35v2/","https://www.netgear.com/support/product/rax40v2/","https://www.netgear.com/support/product/rax41/","https://www.netgear.com/support/product/rax42/","https://www.netgear.com/support/product/rax43/","https://www.netgear.com/support/product/rax45/","https://www.netgear.com/support/product/rax48/","https://www.netgear.com/support/product/rax50/","https://www.netgear.com/support/product/rax50s/","https://www.netgear.com/support/product/raxe450/","https://www.netgear.com/support/product/raxe500/","https://www.netgear.com/support/product/xr1000/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:51","euvd":{"id":"EUVD-2026-35459","description":"Insufficient input validation vulnerability in the listed 
NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.","published_time":"2026-06-09T15:50:48","cvss":4.9,"cvss_version":"4.0","epss":0.0006,"assigner":"NETGEAR","references":["https://www.netgear.com/support/product/ex3700/","https://www.netgear.com/support/product/ex3800/","https://www.netgear.com/support/product/ex6120/","https://www.netgear.com/support/product/mr60/","https://www.netgear.com/support/product/ex6130/","https://www.netgear.com/support/product/ms70/","https://www.netgear.com/support/product/ms60/","https://www.netgear.com/support/product/mr80/","https://www.netgear.com/support/product/ms80/","https://www.netgear.com/support/product/mr70/","https://www.netgear.com/support/product/r6400v2/","https://www.netgear.com/support/product/r6700v3/","https://www.netgear.com/support/product/r6900p/","https://www.netgear.com/support/product/r7960p/","https://www.netgear.com/support/product/r7000p/","https://www.netgear.com/support/product/r8000p/","https://www.netgear.com/support/product/r8500/","https://www.netgear.com/support/product/rax48/","https://www.netgear.com/support/product/r7000/","https://www.netgear.com/support/product/rax40v2/","https://www.netgear.com/support/product/rax20/","https://www.netgear.com/support/product/rax35v2/","https://www.netgear.com/support/product/rax41/","https://www.netgear.com/support/product/rax42/","https://www.netgear.com/support/product/rax45/","https://www.netgear.com/support/product/rax50/","https://www.netgear.com/support/product/rax43/","https://www.netgear.com/support/product/rax50s/","https://www.netgear.com/support/product/raxe450/","https://www.netgear.com/support/product/raxe500/","https://www.netgear.com/support/product/xr1000/","https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"],"products":["RAX50S","RAXE450","MS80","RAX20","RAX43","R6400v2","EX3700","RAX45","RAX42","R7000","EX6120","RAXE500","M
S60","R6700v3","MR60","RAX41","EX3800","RAX48","RAX35v2","R6900P","R7000P","MS70","R8500","RAX40v2","MR80","R8000P","XR1000","R8500","RAX50","MR70","R7960P","EX6130"],"vendors":["Netgear"]}},{"cve_id":"CVE-2026-9211","summary":"An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.","cvss":5.2,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.2,"epss":0.00038,"ranking_epss":0.11861,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory","https://www.netgear.com/support/product/cax30/","https://www.netgear.com/support/product/rax30/","https://www.netgear.com/support/product/rax5/","https://www.netgear.com/support/product/raxe300/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:51","euvd":{"id":"EUVD-2026-35458","description":"An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.","published_time":"2026-06-09T15:50:48","cvss":5.2,"cvss_version":"4.0","epss":0.0004,"assigner":"NETGEAR","references":["https://www.netgear.com/support/product/cax30/","https://www.netgear.com/support/product/rax30/","https://www.netgear.com/support/product/rax5/","https://www.netgear.com/support/product/raxe300/","https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"],"products":["RAX5","CAX30","RAX30","RAXE300"],"vendors":["Netgear"]}},{"cve_id":"CVE-2026-9212","summary":"Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain 
configurations.","cvss":5.6,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":5.6,"epss":0.00138,"ranking_epss":0.33616,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory","https://www.netgear.com/support/product/lbr1020/","https://www.netgear.com/support/product/lbr20/","https://www.netgear.com/support/product/r6700ax/","https://www.netgear.com/support/product/r7800/","https://www.netgear.com/support/product/r9000/","https://www.netgear.com/support/product/rax10/","https://www.netgear.com/support/product/rax120/","https://www.netgear.com/support/product/rax120v2/","https://www.netgear.com/support/product/rax36s/","https://www.netgear.com/support/product/rax70/","https://www.netgear.com/support/product/rax78/","https://www.netgear.com/support/product/rbr10/","https://www.netgear.com/support/product/rbr20/","https://www.netgear.com/support/product/rbr350/","https://www.netgear.com/support/product/rbr40/","https://www.netgear.com/support/product/rbr50/","https://www.netgear.com/support/product/rbs10/","https://www.netgear.com/support/product/rbs20/","https://www.netgear.com/support/product/rbs350/","https://www.netgear.com/support/product/rbs40/","https://www.netgear.com/support/product/rbs50/","https://www.netgear.com/support/product/xr450/","https://www.netgear.com/support/product/xr500/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:51","euvd":{"id":"EUVD-2026-35466","description":"Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain 
configurations.","published_time":"2026-06-09T15:50:53","cvss":5.6,"cvss_version":"4.0","epss":0.0014,"assigner":"NETGEAR","references":["https://www.netgear.com/support/product/lbr20/","https://www.netgear.com/support/product/lbr1020/","https://www.netgear.com/support/product/r6700ax/","https://www.netgear.com/support/product/r9000/","https://www.netgear.com/support/product/r7800/","https://www.netgear.com/support/product/rax10/","https://www.netgear.com/support/product/rax120/","https://www.netgear.com/support/product/rax78/","https://www.netgear.com/support/product/rax120v2/","https://www.netgear.com/support/product/rax70/","https://www.netgear.com/support/product/rbr10/","https://www.netgear.com/support/product/rbr350/","https://www.netgear.com/support/product/rbr40/","https://www.netgear.com/support/product/rbr50/","https://www.netgear.com/support/product/rbs10/","https://www.netgear.com/support/product/rbs20/","https://www.netgear.com/support/product/rax36s/","https://www.netgear.com/support/product/rbr20/","https://www.netgear.com/support/product/rbs50/","https://www.netgear.com/support/product/rbs350/","https://www.netgear.com/support/product/xr500/","https://www.netgear.com/support/product/rbs40/","https://www.netgear.com/support/product/xr450/","https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"],"products":["RBR350","XR450","RBR20","RAX70","RBS350","RBS50","RBR10","RAX120v2","RAX36S","R7800","RAX120","RAX10","RBS20","LBR1020","R6700AX","RBR40","R9000","LBR20","RAX10v2","RBS10","RBS40","RAX120v1","R6700AX","RAX78","RBR50","XR500"],"vendors":["Netgear"]}},{"cve_id":"CVE-2026-9213","summary":"A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the 
device.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":null,"cvss_v4":6.9,"epss":0.00231,"ranking_epss":0.46118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory","https://www.netgear.com/support/product/mr70/","https://www.netgear.com/support/product/ms70/","https://www.netgear.com/support/product/raxe500/","https://www.netgear.com/support/product/xr1000/"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:51","euvd":{"id":"EUVD-2026-35455","description":"A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device.","published_time":"2026-06-09T15:50:46","cvss":6.9,"cvss_version":"4.0","epss":0.0023,"assigner":"NETGEAR","references":["https://www.netgear.com/support/product/mr70/","https://www.netgear.com/support/product/ms70/","https://www.netgear.com/support/product/raxe500/","https://www.netgear.com/support/product/xr1000/","https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"],"products":["XR1000","MR70","RAXE500","MS70"],"vendors":["Netgear"]}},{"cve_id":"CVE-2026-50508","summary":"Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.2279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50508"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:50","euvd":{"id":"EUVD-2026-35529","description":"Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a 
network.","published_time":"2026-06-09T17:05:17","cvss":6.5,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50508"],"products":["Windows Server 2012","Windows Server 2012 R2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 version 22H2","Windows Server 2012 R2 (Server Core installation)","Windows Server version 2004","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-7383","summary":"Issue summary: A signed integer overflow when sizing the destination\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\nbuffer overflow.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nattacker controlled code execution or other undefined behaviour.\n\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\nsize for Unicode output is computed in a signed int: by left shift\nof the input character count for BMPSTRING (UTF-16) and\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\nfor UTF8STRING. The calculation overflows when the input reaches\naround 2^30 characters. 
In the worst case (UNIVERSALSTRING at 2^30\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\nthe subsequent character copy writes several gigabytes past the\none-byte allocation.\n\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\nsize limits cap the input length; no network protocol or\ncertificate-handling path in OpenSSL exercises the overflow.\nTriggering the bug requires an application that calls\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\na custom string type via ASN1_STRING_TABLE_add(), with\nattacker-controlled input on the order of half a gigabyte or more.\nFor these reasons this issue was assigned Low severity.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as the affected code is outside the OpenSSL FIPS module\nboundary.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00067,"ranking_epss":0.20786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/openssl/openssl/commit/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6","https://github.com/openssl/openssl/commit/80c15faaf78042bbb8654a0e234c50c381732f74","https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974","https://github.com/openssl/openssl/commit/c332adaced43bcbb85f97410597e951c11ec3083","https://github.com/openssl/openssl/commit/d32350ae8ef7426718f5aa9e383d4b51398ee255","https://openssl-library.org/news/secadv/20260609.txt"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:50","euvd":{"id":"EUVD-2026-35474","description":"Issue summary: A signed integer overflow when sizing the destination\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\nbuffer overflow.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nattacker controlled code execution or other 
undefined behaviour.\n\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\nsize for Unicode output is computed in a signed int: by left shift\nof the input character count for BMPSTRING (UTF-16) and\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\nfor UTF8STRING. The calculation overflows when the input reaches\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\nthe subsequent character copy writes several gigabytes past the\none-byte allocation.\n\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\nsize limits cap the input length; no network protocol or\ncertificate-handling path in OpenSSL exercises the overflow.\nTriggering the bug requires an application that calls\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\na custom string type via ASN1_STRING_TABLE_add(), with\nattacker-controlled input on the order of half a gigabyte or more.\nFor these reasons this issue was assigned Low severity.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as the affected code is outside the OpenSSL FIPS 
module\nboundary.","published_time":"2026-06-09T16:03:15","cvss":8.1,"cvss_version":"3.1","epss":0.0007,"assigner":"openssl","references":["https://openssl-library.org/news/secadv/20260609.txt","https://github.com/openssl/openssl/commit/d32350ae8ef7426718f5aa9e383d4b51398ee255","https://github.com/openssl/openssl/commit/c332adaced43bcbb85f97410597e951c11ec3083","https://github.com/openssl/openssl/commit/80c15faaf78042bbb8654a0e234c50c381732f74","https://github.com/openssl/openssl/commit/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6","https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974"],"products":["OpenSSL","OpenSSL","OpenSSL","OpenSSL","OpenSSL","OpenSSL","OpenSSL"],"vendors":["OpenSSL"]}},{"cve_id":"CVE-2026-9076","summary":"Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)\nprocesses attacker-supplied CMS data, an attacker-chosen stream-mode KEK\ncipher can trigger a heap out-of-bounds read in kek_unwrap_key().\n\nImpact summary: A heap buffer over-read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not revealed to the attacker.\n\nThe key unwrapping function performs a check-byte test as specified in the\nRFC that reads 7 bytes from a heap allocation that is based on the wrapped\nkey length from the message. There is a minimum length check based on the\nblock length of the wrapping cipher. However the cipher is selected from\nan OID carried in the attacker's PWRI keyEncryptionAlgorithm with no\nrequirement that the cipher be a block cipher. 
When an attacker selects\na stream-mode cipher the guard will be ineffective and the allocated buffer\ncontaining the unwrapped key can be too small to fit the check-bytes\nspecified in the RFC and a buffer over-read can happen.\n\nApplications calling CMS_decrypt() or CMS_decrypt_set1_password()\n(equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS\ndata are vulnerable to this issue. No password knowledge is required: the\nover-read happens during the unwrap attempt before any authentication\nsucceeds.\n\nThe over-read is limited to a few bytes and is not written to output, so\nthere is no information disclosure. Triggering a crash requires the\nallocation to border unmapped memory, which is unlikely with the normal\nallocator.\n\nThe FIPS modules are not affected by this issue.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00096,"ranking_epss":0.26531,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/openssl/openssl/commit/05b066366842f930fadd9a6e94df98030af431bb","https://github.com/openssl/openssl/commit/3d8d5bc1056b2f62da9fede23fedbf47e85187b0","https://github.com/openssl/openssl/commit/715349a1d7c6db970e6815dafb90915f07307f98","https://github.com/openssl/openssl/commit/77bf00ab13f6ff5e516535432f0328ed70ec0c26","https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6","https://openssl-library.org/news/secadv/20260609.txt"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:50","euvd":{"id":"EUVD-2026-35475","description":"Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)\nprocesses attacker-supplied CMS data, an attacker-chosen stream-mode KEK\ncipher can trigger a heap out-of-bounds read in kek_unwrap_key().\n\nImpact summary: A heap buffer over-read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and 
the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not revealed to the attacker.\n\nThe key unwrapping function performs a check-byte test as specified in the\nRFC that reads 7 bytes from a heap allocation that is based on the wrapped\nkey length from the message. There is a minimum length check based on the\nblock length of the wrapping cipher. However the cipher is selected from\nan OID carried in the attacker's PWRI keyEncryptionAlgorithm with no\nrequirement that the cipher be a block cipher. When an attacker selects\na stream-mode cipher the guard will be ineffective and the allocated buffer\ncontaining the unwrapped key can be too small to fit the check-bytes\nspecified in the RFC and a buffer over-read can happen.\n\nApplications calling CMS_decrypt() or CMS_decrypt_set1_password()\n(equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS\ndata are vulnerable to this issue. No password knowledge is required: the\nover-read happens during the unwrap attempt before any authentication\nsucceeds.\n\nThe over-read is limited to a few bytes and is not written to output, so\nthere is no information disclosure. 
Triggering a crash requires the\nallocation to border unmapped memory, which is unlikely with the normal\nallocator.\n\nThe FIPS modules are not affected by this issue.","published_time":"2026-06-09T16:03:16","cvss":7.5,"cvss_version":"3.1","epss":0.001,"assigner":"openssl","references":["https://openssl-library.org/news/secadv/20260609.txt","https://github.com/openssl/openssl/commit/3d8d5bc1056b2f62da9fede23fedbf47e85187b0","https://github.com/openssl/openssl/commit/77bf00ab13f6ff5e516535432f0328ed70ec0c26","https://github.com/openssl/openssl/commit/715349a1d7c6db970e6815dafb90915f07307f98","https://github.com/openssl/openssl/commit/05b066366842f930fadd9a6e94df98030af431bb","https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6"],"products":["OpenSSL","OpenSSL","OpenSSL","OpenSSL","OpenSSL","OpenSSL","OpenSSL"],"vendors":["OpenSSL"]}},{"cve_id":"CVE-2026-49957","summary":"Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate(). 
Attackers can configure a remote terminal working directory to a system directory such as /etc, causing the workspace resolution path to accept it as a trusted local workspace root before the _is_blocked_workspace_path() guard executes, enabling read access to local system files through workspace file-read helpers.","cvss":6.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":7.7,"cvss_v4":6.3,"epss":0.00044,"ranking_epss":0.13962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nesquena/hermes-webui/commit/91a89fb5d5c0bf87932917f9914ad0150ea62fe4","https://github.com/nesquena/hermes-webui/pull/3731","https://github.com/nesquena/hermes-webui/pull/3744","https://github.com/nesquena/hermes-webui/releases/tag/v0.51.296","https://www.vulncheck.com/advisories/hermes-webui-workspace-boundary-bypass-via-api-workspace-py"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35704","description":"Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within _remote_terminal_workspace_candidate(). 
Attackers can configure a remote terminal working directory to a system directory such as /etc, causing the workspace resolution path to accept it as a trusted local workspace root before the _is_blocked_workspace_path() guard executes, enabling read access to local system files through workspace file-read helpers.","published_time":"2026-06-09T16:25:10","cvss":6.3,"cvss_version":"4.0","epss":0.0004,"assigner":"VulnCheck","references":["https://github.com/nesquena/hermes-webui/releases/tag/v0.51.296","https://github.com/nesquena/hermes-webui/pull/3731","https://github.com/nesquena/hermes-webui/pull/3744","https://github.com/nesquena/hermes-webui/commit/91a89fb5d5c0bf87932917f9914ad0150ea62fe4","https://www.vulncheck.com/advisories/hermes-webui-workspace-boundary-bypass-via-api-workspace-py"],"products":["hermes-webui"],"vendors":["nesquena"]}},{"cve_id":"CVE-2026-49958","summary":"Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlink after validation but before deletion. 
Attackers can substitute a workspace-controlled path component with a symlink pointing to an external directory between the safe_resolve_ws() validation step and the subsequent Path.unlink() or shutil.rmtree() deletion call, causing the delete operation to follow the symlink and remove arbitrary files outside the workspace.","cvss":4.3,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.0,"cvss_v4":4.3,"epss":0.00012,"ranking_epss":0.01765,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nesquena/hermes-webui/commit/4580f584964d640b95c4ffc9245a21ab926bec73","https://github.com/nesquena/hermes-webui/pull/3702","https://github.com/nesquena/hermes-webui/pull/3756","https://github.com/nesquena/hermes-webui/releases/tag/v0.51.303","https://www.vulncheck.com/advisories/hermes-webui-toctou-race-condition-via-git-discard","https://github.com/nesquena/hermes-webui/pull/3702"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35706","description":"Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlink after validation but before deletion. 
Attackers can substitute a workspace-controlled path component with a symlink pointing to an external directory between the safe_resolve_ws() validation step and the subsequent Path.unlink() or shutil.rmtree() deletion call, causing the delete operation to follow the symlink and remove arbitrary files outside the workspace.","published_time":"2026-06-09T16:35:42","cvss":4.3,"cvss_version":"4.0","epss":0.0001,"assigner":"VulnCheck","references":["https://github.com/nesquena/hermes-webui/releases/tag/v0.51.303","https://github.com/nesquena/hermes-webui/pull/3702","https://github.com/nesquena/hermes-webui/pull/3756","https://github.com/nesquena/hermes-webui/commit/4580f584964d640b95c4ffc9245a21ab926bec73","https://www.vulncheck.com/advisories/hermes-webui-toctou-race-condition-via-git-discard"],"products":["hermes-webui"],"vendors":["nesquena"]}},{"cve_id":"CVE-2026-49959","summary":"Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. 
Attackers can exploit Git subprocess invocations in api/workspace_git.py through vectors such as core.fsmonitor during git status, protocol.ext.allow with ext:: remotes during git fetch, credential.helper, core.askPass, core.gitProxy, or inherited environment variables including GIT_SSH_COMMAND to achieve arbitrary command execution on the host running the application.","cvss":8.7,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":8.7,"epss":0.00324,"ranking_epss":0.55809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nesquena/hermes-webui/commit/938ac9f55b53def1eefb48c4c42dabaf9c22e99c","https://github.com/nesquena/hermes-webui/pull/3776","https://github.com/nesquena/hermes-webui/releases/tag/v0.51.311","https://www.vulncheck.com/advisories/hermes-webui-rce-via-git-configuration-injection"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35707","description":"Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. 
Attackers can exploit Git subprocess invocations in api/workspace_git.py through vectors such as core.fsmonitor during git status, protocol.ext.allow with ext:: remotes during git fetch, credential.helper, core.askPass, core.gitProxy, or inherited environment variables including GIT_SSH_COMMAND to achieve arbitrary command execution on the host running the application.","published_time":"2026-06-09T16:46:03","cvss":8.7,"cvss_version":"4.0","epss":0.0032,"assigner":"VulnCheck","references":["https://github.com/nesquena/hermes-webui/releases/tag/v0.51.311","https://github.com/nesquena/hermes-webui/pull/3776","https://github.com/nesquena/hermes-webui/commit/938ac9f55b53def1eefb48c4c42dabaf9c22e99c","https://www.vulncheck.com/advisories/hermes-webui-rce-via-git-configuration-injection"],"products":["hermes-webui"],"vendors":["nesquena"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server 
Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical 
attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature 
with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core 
installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical 
attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature 
with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core 
installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical 
attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security 
feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-50507","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:49","euvd":{"id":"EUVD-2026-35589","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:55","cvss":6.8,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50507"],"products":["Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2 (Server Core 
installation)","Windows Server 2016","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49842","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a #-prefixed speed-test protocol (#SPU / #SPB / #SPE) before any authentication check. The declared payload size in #SPU was parsed with atoi() and only rejected non-positive values, so an unauthenticated peer could request up to INT_MAX bytes. The server then wrote roughly size * 10 bytes back during the download phase, on the order of 20 GB per request, yielding strong outbound bandwidth amplification from a short request. This issue has been patched in version 1.11.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00057,"ranking_epss":0.17992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.1","https://github.com/signalwire/freeswitch/security/advisories/GHSA-p3gx-p2w7-wp35"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:48","euvd":{"id":"EUVD-2026-35473","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a #-prefixed speed-test protocol (#SPU / #SPB / #SPE) before any authentication check. 
The declared payload size in #SPU was parsed with atoi() and only rejected non-positive values, so an unauthenticated peer could request up to INT_MAX bytes. The server then wrote roughly size * 10 bytes back during the download phase, on the order of 20 GB per request, yielding strong outbound bandwidth amplification from a short request. This issue has been patched in version 1.11.1.","published_time":"2026-06-09T16:02:58","cvss":7.5,"cvss_version":"3.1","epss":0.0005,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-p3gx-p2w7-wp35","https://github.com/signalwire/freeswitch/releases/tag/v1.11.1"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49843","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's JSON-RPC handler bound the connection to the client-supplied sessid on the first frame, before the authentication gate. Binding inserts the connection into the global session hash and, on a key collision, drops the prior occupant of that slot — sending it a verto.punt, detaching its calls, and closing its socket. An unauthenticated network attacker who knows a target session UUID could therefore evict the legitimate client. 
This issue has been patched in version 1.11.1.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.19117,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.1","https://github.com/signalwire/freeswitch/security/advisories/GHSA-9457-fxr9-x78m"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:48","euvd":{"id":"EUVD-2026-35492","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's JSON-RPC handler bound the connection to the client-supplied sessid on the first frame, before the authentication gate. Binding inserts the connection into the global session hash and, on a key collision, drops the prior occupant of that slot — sending it a verto.punt, detaching its calls, and closing its socket. An unauthenticated network attacker who knows a target session UUID could therefore evict the legitimate client. This issue has been patched in version 1.11.1.","published_time":"2026-06-09T16:04:55","cvss":5.3,"cvss_version":"3.1","epss":0.0006,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-9457-fxr9-x78m","https://github.com/signalwire/freeswitch/releases/tag/v1.11.1"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49847","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. 
The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable write primitive develops. This issue has been patched in version 1.11.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12395,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.1","https://github.com/signalwire/freeswitch/security/advisories/GHSA-2v74-pcgh-75wg"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:48","euvd":{"id":"EUVD-2026-35493","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable write primitive develops. This issue has been patched in version 1.11.1.","published_time":"2026-06-09T16:05:08","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-2v74-pcgh-75wg","https://github.com/signalwire/freeswitch/releases/tag/v1.11.1"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49848","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the connection state before comparing the supplied password. 
The writes are append-only and the connection is not closed on a failed compare, so values declared on bad-password attempts persisted on the same WebSocket and carried into a subsequent successful login on that connection. This issue has been patched in version 1.11.1.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00026,"ranking_epss":0.07929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.1","https://github.com/signalwire/freeswitch/security/advisories/GHSA-j38x-xm7f-9p2f"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:48","euvd":{"id":"EUVD-2026-35495","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's check_auth userauth branch wrote request-supplied userVariables into the connection state before comparing the supplied password. The writes are append-only and the connection is not closed on a failed compare, so values declared on bad-password attempts persisted on the same WebSocket and carried into a subsequent successful login on that connection. This issue has been patched in version 1.11.1.","published_time":"2026-06-09T16:05:42","cvss":4.3,"cvss_version":"3.1","epss":0.0003,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-j38x-xm7f-9p2f","https://github.com/signalwire/freeswitch/releases/tag/v1.11.1"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49955","summary":"Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. 
Attackers can send unlimited POST requests to the authentication endpoint, causing unbounded growth of the challenge store file and excessive CPU and disk I/O through repeated JSON file rewrites.","cvss":6.9,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":6.9,"epss":0.00148,"ranking_epss":0.34993,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nesquena/hermes-webui/commit/58528a4d88b0fa4f7b822e31d6051c669769bd3b","https://github.com/nesquena/hermes-webui/pull/3624","https://github.com/nesquena/hermes-webui/pull/3674","https://github.com/nesquena/hermes-webui/releases/tag/v0.51.270","https://www.vulncheck.com/advisories/hermes-webui-resource-exhaustion-via-passkey-options"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:48","euvd":{"id":"EUVD-2026-35494","description":"Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. 
Attackers can send unlimited POST requests to the authentication endpoint, causing unbounded growth of the challenge store file and excessive CPU and disk I/O through repeated JSON file rewrites.","published_time":"2026-06-09T16:05:33","cvss":6.9,"cvss_version":"4.0","epss":0.0015,"assigner":"VulnCheck","references":["https://github.com/nesquena/hermes-webui/releases/tag/v0.51.270","https://github.com/nesquena/hermes-webui/pull/3624","https://github.com/nesquena/hermes-webui/pull/3674","https://github.com/nesquena/hermes-webui/commit/58528a4d88b0fa4f7b822e31d6051c669769bd3b","https://www.vulncheck.com/advisories/hermes-webui-resource-exhaustion-via-passkey-options"],"products":["hermes-webui"],"vendors":["nesquena"]}},{"cve_id":"CVE-2026-49956","summary":"Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. 
Attackers can send requests to the sessions search handler to retrieve session titles and transcript message content from profiles other than their own active profile.","cvss":7.1,"cvss_version":4.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":7.1,"epss":0.00029,"ranking_epss":0.08888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/nesquena/hermes-webui/commit/2c7b530071bb29ae4184e83e33be5799d529568e","https://github.com/nesquena/hermes-webui/pull/3646","https://github.com/nesquena/hermes-webui/pull/3672","https://github.com/nesquena/hermes-webui/releases/tag/v0.51.269","https://www.vulncheck.com/advisories/hermes-webui-profile-isolation-bypass-via-sessions-search","https://github.com/nesquena/hermes-webui/pull/3646"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:48","euvd":{"id":"EUVD-2026-35497","description":"Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. 
Attackers can send requests to the sessions search handler to retrieve session titles and transcript message content from profiles other than their own active profile.","published_time":"2026-06-09T16:10:33","cvss":7.1,"cvss_version":"4.0","epss":0.0003,"assigner":"VulnCheck","references":["https://github.com/nesquena/hermes-webui/releases/tag/v0.51.269","https://github.com/nesquena/hermes-webui/pull/3646","https://github.com/nesquena/hermes-webui/pull/3672","https://github.com/nesquena/hermes-webui/commit/2c7b530071bb29ae4184e83e33be5799d529568e","https://www.vulncheck.com/advisories/hermes-webui-profile-isolation-bypass-via-sessions-search"],"products":["hermes-webui"],"vendors":["nesquena"]}},{"cve_id":"CVE-2026-49161","summary":"Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12644,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49161"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:47","euvd":{"id":"EUVD-2026-35528","description":"Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0004,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49161"],"products":["Microsoft PC Manager"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49472","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. 
Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIX(prologTok)(), in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c, which was cloned from an outdated and vulnerable version in libexpat/libexpat. The function did not receive the corresponding security patch. This issue has been patched in version 1.11.0.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.0004,"ranking_epss":0.12298,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.0","https://github.com/signalwire/freeswitch/security/advisories/GHSA-4jm3-xpcm-mwwq"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:47","euvd":{"id":"EUVD-2026-35469","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIX(prologTok)(), in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c, which was cloned from an outdated and vulnerable version in libexpat/libexpat. The function did not receive the corresponding security patch. This issue has been patched in version 1.11.0.","published_time":"2026-06-09T15:59:49","cvss":5.3,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-4jm3-xpcm-mwwq","https://github.com/signalwire/freeswitch/releases/tag/v1.11.0"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49475","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. 
Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.0","https://github.com/signalwire/freeswitch/security/advisories/GHSA-9j6h-hc95-q926"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:47","euvd":{"id":"EUVD-2026-35470","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.","published_time":"2026-06-09T16:00:32","cvss":7.5,"cvss_version":"3.1","epss":0.0006,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-9j6h-hc95-q926","https://github.com/signalwire/freeswitch/releases/tag/v1.11.0"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49840","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. 
A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.1","https://github.com/signalwire/freeswitch/security/advisories/GHSA-g597-9fgg-ghg9"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:47","euvd":{"id":"EUVD-2026-35471","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.","published_time":"2026-06-09T16:00:56","cvss":9.1,"cvss_version":"3.1","epss":0.0006,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-g597-9fgg-ghg9","https://github.com/signalwire/freeswitch/releases/tag/v1.11.1"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-49841","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. 
Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00043,"ranking_epss":0.13427,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.1","https://github.com/signalwire/freeswitch/security/advisories/GHSA-wfrq-qvg2-f88f"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:47","euvd":{"id":"EUVD-2026-35472","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. 
This issue has been patched in version 1.11.1.","published_time":"2026-06-09T16:02:24","cvss":9.8,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-wfrq-qvg2-f88f","https://github.com/signalwire/freeswitch/releases/tag/v1.11.1"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code 
locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 
version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code 
locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 
version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code 
locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 
version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48574","summary":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35587","description":"Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:54","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48574"],"products":["Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 11 Version 23H2","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 
24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 
24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48575","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35524","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48575"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019","Windows Server 2025","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 
24H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 
2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 
2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48576","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35525","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:14","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48576"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2025","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2016","Windows 10 Version 1607","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 
23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure 
Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 
23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure 
Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 
23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48578","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35526","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:15","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48578"],"products":["Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 10 Version 22H2","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2012","Windows 10 Version 1607","Windows Server 2025","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an 
authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 
2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 
2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 
2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48583","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35527","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:16","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48583"],"products":["Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 
2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized 
attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 
2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 
allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 
2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource 
consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 
Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a 
network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-49160","summary":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.01298,"ranking_epss":0.8013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:46","euvd":{"id":"EUVD-2026-35588","description":"Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a 
network.","published_time":"2026-06-09T17:05:54","cvss":7.5,"cvss_version":"3.1","epss":0.0123,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49160"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2019","Windows 10 Version 22H2","Windows 11 version 26H1","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2022","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48565","summary":"Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.30878,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48565"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35585","description":"Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:53","cvss":7.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48565"],"products":["Windows Narrator Braille"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48566","summary":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information 
locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35520","description":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","published_time":"2026-06-09T17:05:12","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"products":["Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48566","summary":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35520","description":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","published_time":"2026-06-09T17:05:12","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"products":["Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 
26H1"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48566","summary":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35520","description":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","published_time":"2026-06-09T17:05:12","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"products":["Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48566","summary":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35520","description":"Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.","published_time":"2026-06-09T17:05:12","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48566"],"products":["Windows 11 Version 24H2","Windows 
Server 2025 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 
(Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot 
allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection 
mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 
2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core 
installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48568","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35521","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:12","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48568"],"products":["Windows 10 Version 1809","Windows Server 2012 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)","Windows Server 
2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012","Windows Server 2012 R2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2016","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48569","summary":"Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00083,"ranking_epss":0.24243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48569"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35586","description":"Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:53","cvss":7.1,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48569"],"products":["Visual Studio Code","Visual Studio Code"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a 
security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 
10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to 
bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 
24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism 
failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 
(Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48570","summary":"Protection mechanism failure in Windows 
Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35522","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48570"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2019","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2025 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012","Windows 11 version 26H1","Windows Server 2022","Windows Server 2025","Windows 10 Version 1809","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 
2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot 
allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection 
mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 
2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 
R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows 
Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48573","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00277,"ranking_epss":0.51478,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:45","euvd":{"id":"EUVD-2026-35523","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:13","cvss":7.9,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48573"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2025","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48297","summary":"Adobe Experience Manager versions 6.5.24, 
LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35634","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:54","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48299","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35709","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:05","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48300","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35722","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:18","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48301","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35606","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:25","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48304","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35602","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:21","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48560","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.00469,"ranking_epss":0.64996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48560"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35583","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a 
network.","published_time":"2026-06-09T17:05:51","cvss":5.4,"cvss_version":"3.1","epss":0.0047,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48560"],"products":["Microsoft SharePoint Server Subscription Edition","Microsoft SharePoint Server 2019","Microsoft SharePoint Enterprise Server 2016"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48562","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48562"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35584","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:52","cvss":4.6,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48562"],"products":["Microsoft SharePoint Server 2019","Microsoft SharePoint Enterprise Server 2016","Microsoft SharePoint Server Subscription Edition"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48563","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a 
network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23319,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:44","euvd":{"id":"EUVD-2026-35519","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48563"],"products":["Windows Server 2022","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 1809"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-48266","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:43","euvd":{"id":"EUVD-2026-35708","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:04","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48268","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:43","euvd":{"id":"EUVD-2026-35632","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:52","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48271","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:43","euvd":{"id":"EUVD-2026-35712","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:08","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48280","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:43","euvd":{"id":"EUVD-2026-35640","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:49:01","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48288","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. 
Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.","cvss":3.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.20087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:43","euvd":{"id":"EUVD-2026-35714","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.","published_time":"2026-06-09T16:48:10","cvss":3.5,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48289","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. 
Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.","cvss":3.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.5,"cvss_v4":null,"epss":0.00064,"ranking_epss":0.20087,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:43","euvd":{"id":"EUVD-2026-35635","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.","published_time":"2026-06-09T16:48:55","cvss":3.5,"cvss_version":"3.1","epss":0.0006,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47991","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. 
Exploitation of this issue requires user interaction in that a victim must click on a malicious link.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00041,"ranking_epss":0.1275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35624","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.","published_time":"2026-06-09T16:48:44","cvss":4.3,"cvss_version":"3.1","epss":0.0007,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47993","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35631","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:51","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48250","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35713","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:09","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48251","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35636","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:56","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48256","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35633","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:53","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48258","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35616","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:35","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48264","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35605","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:24","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-48265","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:42","euvd":{"id":"EUVD-2026-35715","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:11","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47982","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35627","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:47","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47983","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35603","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:22","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47985","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35639","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:49:00","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47986","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35608","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:27","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47987","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35717","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:13","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47989","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35626","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:46","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47990","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:41","euvd":{"id":"EUVD-2026-35613","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:32","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47972","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35622","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:42","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47973","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35718","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:14","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47974","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35618","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:37","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47975","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35615","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:34","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47977","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35625","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:45","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47978","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35711","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:07","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47980","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35642","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:49:03","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47981","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:40","euvd":{"id":"EUVD-2026-35601","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:19","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47953","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35720","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:16","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47954","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35621","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:41","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47956","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35629","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:49","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47957","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35610","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:29","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47958","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35716","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:12","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47962","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35614","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:33","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47966","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35607","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:26","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47970","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:39","euvd":{"id":"EUVD-2026-35612","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:31","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47944","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35721","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:17","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47945","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35641","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:49:02","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47946","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35719","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:15","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47947","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35623","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:43","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47948","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35609","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:28","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47949","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35710","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:06","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47950","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35611","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:30","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47951","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:38","euvd":{"id":"EUVD-2026-35620","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:40","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 
23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 
Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 
2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot 
Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature 
locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows 
an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows 
Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47656","summary":"Protection mechanism failure in 
Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35582","description":"Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:51","cvss":7.9,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47656"],"products":["Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2012 R2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47935","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35638","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.","published_time":"2026-06-09T16:48:59","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47936","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35630","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:50","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47939","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35628","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:48","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47941","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35637","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:57","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47942","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35617","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:36","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47943","summary":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. 
Scope is changed.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0003,"ranking_epss":0.09165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"vendor":"adobe","product":"experience_manager","version":null,"published_time":"2026-06-09T17:17:37","euvd":{"id":"EUVD-2026-35619","description":"Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.","published_time":"2026-06-09T16:48:38","cvss":5.4,"cvss_version":"3.1","epss":0.0003,"assigner":"adobe","references":["https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html"],"products":["Adobe Experience Manager"],"vendors":["Adobe"]}},{"cve_id":"CVE-2026-47640","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.19123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47640"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35578","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a 
network.","published_time":"2026-06-09T17:05:48","cvss":4.6,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47640"],"products":["Microsoft SharePoint Enterprise Server 2016","Microsoft SharePoint Server 2019","Microsoft SharePoint Server Subscription Edition"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47641","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.00099,"ranking_epss":0.27098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47641"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35513","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:08","cvss":4.6,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47641"],"products":["Microsoft SharePoint Server 2019","Microsoft SharePoint Enterprise Server 2016","Microsoft SharePoint Server Subscription Edition"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47643","summary":"External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a 
network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00122,"ranking_epss":0.30931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35579","description":"External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:49","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47643"],"products":["Azure Stack Edge"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core 
installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 
Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 
Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47648","summary":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.0011,"ranking_epss":0.29028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35515","description":"Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:09","cvss":7.0,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47648"],"products":["Windows Server 2022","Windows 10 Version 21H2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows Server 2019","Windows 11 
Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47652","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35517","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:10","cvss":8.2,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2025","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47652","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35517","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to 
execute code locally.","published_time":"2026-06-09T17:05:10","cvss":8.2,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2025","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47652","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35517","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:10","cvss":8.2,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2025","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47652","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code 
locally.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35517","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:10","cvss":8.2,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2025","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47652","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35517","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:10","cvss":8.2,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2025","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 
2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47652","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.2,"cvss_v4":null,"epss":0.00068,"ranking_epss":0.21213,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35517","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:10","cvss":8.2,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47652"],"products":["Windows 11 Version 25H2","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2025","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47653","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47653"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35516","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:09","cvss":8.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47653"],"products":["Windows 10 Version 
22H2","Windows Server 2025","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows Server 2019 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2012 R2","Windows Server 2016","Windows 11 version 26H1","Windows 10 Version 1607","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows 11 Version 24H2","Windows 11 Version 23H2","Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47654","summary":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00074,"ranking_epss":0.22501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47654"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:36","euvd":{"id":"EUVD-2026-35518","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:11","cvss":7.5,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47654"],"products":["Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows Server 2016","Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47298","summary":"Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a 
network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00072,"ranking_epss":0.21939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47298"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35505","description":"Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:02","cvss":8.0,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47298"],"products":["Microsoft SharePoint Server 2019","Microsoft SharePoint Server Subscription Edition","Microsoft SharePoint Enterprise Server 2016"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47631","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00065,"ranking_epss":0.20285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47631"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35506","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:03","cvss":8.1,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47631"],"products":["Microsoft Exchange Server 2016 Cumulative Update 23","Microsoft Exchange Server Subscription Edition RTM","Microsoft 
Exchange Server 2019 Cumulative Update 14","Microsoft Exchange Server 2019 Cumulative Update 15"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47634","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":7.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.3,"cvss_v4":null,"epss":0.00063,"ranking_epss":0.19907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47634"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35577","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:48","cvss":7.3,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47634"],"products":["Microsoft SharePoint Server 2019","Microsoft SharePoint Server Subscription Edition"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47635","summary":"Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.1907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47635"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35508","description":"Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code 
locally.","published_time":"2026-06-09T17:05:05","cvss":8.4,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47635"],"products":["Microsoft Office LTSC 2024"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47636","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.19123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47636"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35509","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:05","cvss":5.4,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47636"],"products":["Microsoft SharePoint Server 2019","Microsoft SharePoint Server Subscription Edition","Microsoft SharePoint Enterprise Server 2016"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47637","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a 
network.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.19123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47637"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35510","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:06","cvss":4.6,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47637"],"products":["Microsoft SharePoint Server Subscription Edition","Microsoft SharePoint Server 2019","Microsoft SharePoint Enterprise Server 2016"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47638","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":4.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.6,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.19123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47638"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35511","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:06","cvss":4.6,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47638"],"products":["Microsoft 
SharePoint Enterprise Server 2016","Microsoft SharePoint Server Subscription Edition","Microsoft SharePoint Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47639","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","cvss":5.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.4,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.19123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47639"],"vendor":"microsoft","product":"sharepoint_server","version":null,"published_time":"2026-06-09T17:17:35","euvd":{"id":"EUVD-2026-35512","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:05:07","cvss":5.4,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47639"],"products":["Microsoft SharePoint Server Subscription Edition","Microsoft SharePoint Enterprise Server 2016","Microsoft SharePoint Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47284","summary":"Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00103,"ranking_epss":0.27657,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47284"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35574","description":"Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an 
unauthorized attacker to disclose information over a network.","published_time":"2026-06-09T17:05:46","cvss":6.5,"cvss_version":"3.1","epss":0.001,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47284"],"products":["Visual Studio Code"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47287","summary":"Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"cvss_v4":null,"epss":0.00059,"ranking_epss":0.18829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47287"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35698","description":"Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.","published_time":"2026-06-09T17:04:57","cvss":6.5,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47287"],"products":["Visual Studio Code"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47288","summary":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35699","description":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent 
network.","published_time":"2026-06-09T17:04:58","cvss":7.1,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows Server 2025","Windows Server 2019","Windows Server 2012","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47288","summary":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35699","description":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","published_time":"2026-06-09T17:04:58","cvss":7.1,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows Server 2025","Windows Server 2019","Windows Server 2012","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47288","summary":"Integer overflow or 
wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35699","description":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","published_time":"2026-06-09T17:04:58","cvss":7.1,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows Server 2025","Windows Server 2019","Windows Server 2012","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47288","summary":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35699","description":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent 
network.","published_time":"2026-06-09T17:04:58","cvss":7.1,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows Server 2025","Windows Server 2019","Windows Server 2012","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47288","summary":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00322,"ranking_epss":0.55682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35699","description":"Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.","published_time":"2026-06-09T17:04:58","cvss":7.1,"cvss_version":"3.1","epss":0.0032,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47288"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows Server 2025","Windows Server 2019","Windows Server 2012","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47289","summary":"Heap-based buffer 
overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47289"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35700","description":"Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:58","cvss":8.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47289"],"products":["Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 version 26H1","Windows Server 2012 R2","Windows Server 2025 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607","Windows Server 2012","Windows Server 2016","Windows 11 Version 23H2","Windows Server 2025","Windows App Client for Windows Desktop","Windows 10 Version 22H2","Windows 10 Version 1809","Windows 11 Version 24H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a 
network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized 
attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 
2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized 
attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows 
HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 
2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows 
an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or 
wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 
Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47291","summary":"Integer overflow or 
wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00202,"ranking_epss":0.42239,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35501","description":"Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:59","cvss":9.8,"cvss_version":"3.1","epss":0.0018,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47291"],"products":["Windows Server 2016 (Server Core installation)","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows 10 Version 1607","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2025","Windows Server 2022","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows Server 2012 R2","Windows 11 Version 25H2","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47292","summary":"Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00157,"ranking_epss":0.363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35502","description":"Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:04:59","cvss":7.8,"cvss_version":"3.1","epss":0.0016,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47292"],"products":["Visual Studio Code - MSSQL Extension"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-47293","summary":"Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47293"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:34","euvd":{"id":"EUVD-2026-35575","description":"Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:47","cvss":7.0,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47293"],"products":["Microsoft Office 2019","Microsoft 365 Apps for Enterprise","Microsoft Office LTSC 2024","Microsoft Office LTSC 2021"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45657","summary":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a 
network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35697","description":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:56","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"products":["Windows Server 2025 (Server Core installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 11 Version 24H2","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45657","summary":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35697","description":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:56","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"products":["Windows Server 2025 (Server Core installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 11 Version 24H2","Windows 11 Version 
23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45657","summary":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35697","description":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:56","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"products":["Windows Server 2025 (Server Core installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 11 Version 24H2","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45657","summary":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35697","description":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:56","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"products":["Windows Server 2025 (Server Core 
installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 11 Version 24H2","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45657","summary":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35697","description":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:56","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"products":["Windows Server 2025 (Server Core installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 11 Version 24H2","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45657","summary":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"cvss_v4":null,"epss":0.00137,"ranking_epss":0.33466,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35697","description":"Use after free in Windows Kernel allows an unauthorized attacker to execute code over a 
network.","published_time":"2026-06-09T17:04:56","cvss":9.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657"],"products":["Windows Server 2025 (Server Core installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 11 Version 24H2","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core 
installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical 
attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows 
BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 
10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core 
installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical 
attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in 
Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core 
installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core 
installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45658","summary":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical 
attack.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00058,"ranking_epss":0.18406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35572","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:05:45","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45658"],"products":["Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2016","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2022","Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 11 Version 24H2","Windows 10 Version 1809","Windows Server 2019","Windows 10 Version 21H2","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45771","summary":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations without a depth or count bound, so a small DTD can describe a body that expands exponentially (\"billion laughs\"). 
The PIDF body of a SIP PUBLISH is fed to this parser before any digest check, letting an unauthenticated network attacker force unbounded CPU and memory consumption with a single request. This issue has been patched in version 1.11.0.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00044,"ranking_epss":0.14076,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/signalwire/freeswitch/releases/tag/v1.11.0","https://github.com/signalwire/freeswitch/security/advisories/GHSA-5vjg-pv56-vg4c"],"vendor":"freeswitch","product":"freeswitch","version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35468","description":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations without a depth or count bound, so a small DTD can describe a body that expands exponentially (\"billion laughs\"). The PIDF body of a SIP PUBLISH is fed to this parser before any digest check, letting an unauthenticated network attacker force unbounded CPU and memory consumption with a single request. This issue has been patched in version 1.11.0.","published_time":"2026-06-09T15:51:49","cvss":7.5,"cvss_version":"3.1","epss":0.0004,"assigner":"GitHub_M","references":["https://github.com/signalwire/freeswitch/security/advisories/GHSA-5vjg-pv56-vg4c","https://github.com/signalwire/freeswitch/releases/tag/v1.11.0"],"products":["freeswitch"],"vendors":["signalwire"]}},{"cve_id":"CVE-2026-46492","summary":"md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. 
When user-supplied Markdown content is rendered, embedded raw HTML—including <script> tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain. This issue has been patched in version 1.10.3.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"cvss_v4":null,"epss":0.00047,"ranking_epss":0.15067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://github.com/commenthol/md-fileserver/releases/tag/v1.10.3","https://github.com/commenthol/md-fileserver/security/advisories/GHSA-32q2-hhr5-6qvv","https://github.com/commenthol/md-fileserver/security/advisories/GHSA-32q2-hhr5-6qvv"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35496","description":"md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including <script> tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain. 
This issue has been patched in version 1.10.3.","published_time":"2026-06-09T16:09:29","cvss":7.2,"cvss_version":"3.1","epss":0.0005,"assigner":"GitHub_M","references":["https://github.com/commenthol/md-fileserver/security/advisories/GHSA-32q2-hhr5-6qvv","https://github.com/commenthol/md-fileserver/releases/tag/v1.10.3"],"products":["md-fileserver"],"vendors":["commenthol"]}},{"cve_id":"CVE-2026-47281","summary":"Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.","cvss":9.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.6,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22881,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47281"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:33","euvd":{"id":"EUVD-2026-35573","description":"Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.","published_time":"2026-06-09T17:05:45","cvss":9.6,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47281"],"products":["Visual Studio Code"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45649","summary":"Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.","cvss":7.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.1,"cvss_v4":null,"epss":0.00052,"ranking_epss":0.16713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45649"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35693","description":"Improper access control in Office for Android allows an unauthorized attacker to perform spoofing 
locally.","published_time":"2026-06-09T17:04:54","cvss":7.1,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45649"],"products":["Microsoft Word for Android","Microsoft PowerPoint for Android","Microsoft Excel for Android"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45650","summary":"User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.","cvss":4.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":4.3,"cvss_v4":null,"epss":0.00077,"ranking_epss":0.2302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35694","description":"User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.","published_time":"2026-06-09T17:04:55","cvss":4.3,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45650"],"products":["Microsoft Bing Search for Android"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45653","summary":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45653"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35569","description":"Use after free in Windows Kernel allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:43","cvss":7.0,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45653"],"products":["Windows Server 2016","Windows 11 Version 24H2","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 25H2","Windows Server 2012","Windows 11 Version 23H2","Windows 10 Version 22H2","Windows Server 2025","Windows 10 Version 1607","Windows 10 Version 21H2","Windows Server 2019 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2022","Windows Server 2012 R2 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45654","summary":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","cvss":7.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.9,"cvss_v4":null,"epss":0.00061,"ranking_epss":0.19214,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45654"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35570","description":"Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:05:43","cvss":7.9,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45654"],"products":["Windows 11 Version 24H2","Windows 11 version 26H1","Windows 11 version 26H1","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2025"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45655","summary":"Protection mechanism failure in Windows BitLocker 
allows an unauthorized attacker to bypass a security feature with a physical attack.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"cvss_v4":null,"epss":0.00076,"ranking_epss":0.22786,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45655"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35695","description":"Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.","published_time":"2026-06-09T17:04:55","cvss":5.3,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45655"],"products":["Windows Server 2012 R2 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2019","Windows Server 2022","Windows 10 Version 1607","Windows Server 2012 R2","Windows 11 Version 24H2","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2012 (Server Core installation)","Windows 11 version 26H1","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2016","Windows 10 Version 1809","Windows Server 2012","Windows 11 Version 23H2","Windows Server 2025"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core 
installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core 
installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an 
authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core 
installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core 
installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI 
allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45656","summary":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00078,"ranking_epss":0.23294,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:32","euvd":{"id":"EUVD-2026-35696","description":"Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.","published_time":"2026-06-09T17:04:56","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45656"],"products":["Windows Server 2012 R2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2025","Windows Server 2019","Windows Server 2016 
(Server Core installation)","Windows 10 Version 1607","Windows 11 Version 25H2","Windows 11 version 26H1","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2016","Windows 11 version 26H1","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2012","Windows 10 Version 1809","Windows Server 2012 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code 
locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 
Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code 
locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code 
locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45641","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0015,"ranking_epss":0.35325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35687","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:51","cvss":8.4,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45641"],"products":["Windows 10 Version 21H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2025","Windows 11 version 26H1","Windows 10 Version 
22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45642","summary":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical 
attack.","cvss":3.9,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":3.9,"cvss_v4":null,"epss":0.00106,"ranking_epss":0.28255,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35689","description":"Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.","published_time":"2026-06-09T17:04:52","cvss":3.9,"cvss_version":"3.1","epss":0.0011,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45642"],"products":["Windows 11 Version 23H2","Windows Server 2019 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows Server 2016","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2019","Windows Server 2012 R2","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45643","summary":"Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45643"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35690","description":"Untrusted pointer dereference in 
Microsoft Office Word allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:52","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45643"],"products":["Microsoft Office 365 for Mac","Microsoft Office LTSC for Mac 2024","Microsoft Office LTSC 2021","Microsoft 365 Apps for Enterprise","Microsoft Office LTSC for Mac 2021","Microsoft Office LTSC 2024"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45644","summary":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.","cvss":8.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.0,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45644"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35568","description":"Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.","published_time":"2026-06-09T17:05:42","cvss":8.0,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45644"],"products":["Microsoft Live Share Canvas SDK"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45645","summary":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00079,"ranking_epss":0.2342,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45645"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35691","description":"Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:53","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45645"],"products":["Microsoft Office 2016","Microsoft Office 365 for Mac","Microsoft Office LTSC for Mac 2021","Microsoft Office LTSC for Mac 2024","Microsoft Office 2019","Microsoft Office LTSC 2024","Microsoft 365 Apps for Enterprise","Microsoft Office LTSC 2021"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45647","summary":"Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.0005,"ranking_epss":0.16028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45647"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35571","description":"Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:44","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45647"],"products":["Microsoft Defender for Endpoint for 
Mac"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45648","summary":"Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"cvss_v4":null,"epss":0.00085,"ranking_epss":0.24586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45648"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:31","euvd":{"id":"EUVD-2026-35692","description":"Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.","published_time":"2026-06-09T17:04:53","cvss":8.8,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45648"],"products":["Windows Server 2025","Windows Server 2022","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45635","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00361,"ranking_epss":0.58651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45635"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:30","euvd":{"id":"EUVD-2026-35563","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:38","cvss":8.1,"cvss_version":"3.1","epss":0.0036,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45635"],"products":["Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 
2019","Windows 10 Version 1607","Windows Server 2012 R2","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2012","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2016 (Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 22H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45636","summary":"Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00117,"ranking_epss":0.30033,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45636"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:30","euvd":{"id":"EUVD-2026-35559","description":"Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:05:35","cvss":7.8,"cvss_version":"3.1","epss":0.0012,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45636"],"products":["Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows Server 2016","Windows 11 Version 25H2","Windows Server 2025","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2022","Windows 10 Version 1809","Windows Server 2012 R2","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2016 (Server Core installation)","Windows 11 Version 
23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45637","summary":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45637"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:30","euvd":{"id":"EUVD-2026-35566","description":"Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:41","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45637"],"products":["Windows 10 Version 22H2","Windows 11 Version 24H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows 10 Version 1809","Windows 10 Version 21H2","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2019","Windows 11 version 26H1","Windows 11 Version 25H2","Windows Server 2022"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45638","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45638"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:30","euvd":{"id":"EUVD-2026-35564","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:39","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45638"],"products":["Windows Server 2025 (Server Core installation)","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 1607","Windows Server 2012","Windows 11 Version 25H2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2012 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows Server 2022","Windows Server 2016","Windows Server 2012 R2","Windows 11 Version 24H2","Windows 10 Version 1809","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45639","summary":"Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"cvss_v4":null,"epss":0.00081,"ranking_epss":0.2382,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45639"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:30","euvd":{"id":"EUVD-2026-35683","description":"Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.","published_time":"2026-06-09T17:04:49","cvss":7.5,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45639"],"products":["Windows Server 2025","Windows 11 Version 25H2","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2016","Windows Server 2022","Windows 10 Version 21H2","Windows Server 2019","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2","Windows 
App Client for Windows Desktop","Windows 11 version 26H1","Remote Desktop client for Windows Desktop","Windows Server 2012 (Server Core installation)","Windows 10 Version 1607","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45640","summary":"Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00055,"ranking_epss":0.17473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45640"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:30","euvd":{"id":"EUVD-2026-35684","description":"Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:04:49","cvss":7.0,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45640"],"products":["Windows Server 2025 (Server Core installation)","Windows 11 version 26H1","Windows Server 2025","Windows 11 Version 24H2","Windows 10 Version 22H2","Windows 11 Version 25H2","Windows Server 2022","Windows 11 Version 23H2","Windows 10 Version 21H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45604","summary":"Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information 
locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45604"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:29","euvd":{"id":"EUVD-2026-35553","description":"Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.","published_time":"2026-06-09T17:05:31","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45604"],"products":["Windows 11 version 26H1","Windows 11 Version 23H2","Windows Server 2025 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2025"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45605","summary":"Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.18917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45605"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:29","euvd":{"id":"EUVD-2026-35682","description":"Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:04:48","cvss":7.8,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45605"],"products":["Windows 10 Version 22H2","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows 10 Version 21H2","Windows Server 2019","Windows Server 2025 
(Server Core installation)","Windows Server 2016","Windows 10 Version 1809","Windows 11 Version 24H2","Windows 11 version 26H1","Windows Server 2019 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 23H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45606","summary":"Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16322,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45606"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:29","euvd":{"id":"EUVD-2026-35685","description":"Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.","published_time":"2026-06-09T17:04:50","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45606"],"products":["Windows Server 2025 (Server Core installation)","Windows 11 Version 23H2","Windows 10 Version 1809","Windows Server 2012","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 1607","Windows 11 Version 24H2","Windows Server 2012 R2","Windows Server 2016","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows Server 2019 (Server Core installation)","Windows 11 version 26H1","Windows 11 Version 25H2","Windows 10 Version 21H2","Windows Server 2019"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45607","summary":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code 
locally.","cvss":8.4,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.4,"cvss_v4":null,"epss":0.0006,"ranking_epss":0.1907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45607"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:29","euvd":{"id":"EUVD-2026-35686","description":"Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.","published_time":"2026-06-09T17:04:50","cvss":8.4,"cvss_version":"3.1","epss":0.0006,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45607"],"products":["Windows 10 Version 1607","Windows 11 Version 23H2","Windows 11 Version 24H2","Windows Server 2019 (Server Core installation)","Windows Server 2025","Windows Server 2016 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2022","Windows 10 Version 22H2","Windows 10 Version 21H2","Windows Server 2019","Windows 11 version 26H1","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)","Windows Server 2016"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45608","summary":"Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.","cvss":6.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.8,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15681,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45608"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:29","euvd":{"id":"EUVD-2026-35567","description":"Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information 
locally.","published_time":"2026-06-09T17:05:41","cvss":6.8,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45608"],"products":["Windows 10 Version 21H2","Windows Server 2012 (Server Core installation)","Windows Server 2022","Windows 11 Version 25H2","Windows Server 2012","Windows 10 Version 1607","Windows 10 Version 1809","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows Server 2016","Windows Server 2012 R2","Windows Server 2025","Windows Server 2019 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2012 R2 (Server Core installation)","Windows 11 Version 23H2","Windows 11 version 26H1"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45634","summary":"Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"cvss_v4":null,"epss":0.00051,"ranking_epss":0.16325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45634"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:29","euvd":{"id":"EUVD-2026-35688","description":"Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.","published_time":"2026-06-09T17:04:51","cvss":5.5,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45634"],"products":["Windows 10 Version 21H2","Windows 10 Version 1607","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2012 R2","Windows Server 2016 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019 (Server Core installation)","Windows 10 Version 
22H2","Windows 10 Version 1809","Windows 11 Version 23H2","Windows Server 2016","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2025","Windows Server 2012 (Server Core installation)","Windows 11 version 26H1","Windows Server 2019","Windows 11 Version 25H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for 
WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 
(Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free 
in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for 
WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 
(Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after 
free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45598","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35558","description":"Use after free in Windows Ancillary Function Driver 
for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45598"],"products":["Windows Server 2016 (Server Core installation)","Windows Server 2012","Windows 10 Version 21H2","Windows Server 2025","Windows 10 Version 1607","Windows 11 version 26H1","Windows Server 2012 R2 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 11 Version 24H2","Windows Server 2022","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2016","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core 
installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play 
(upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after 
free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 
22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use 
after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a 
network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_server_2012","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an 
unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_server_2016","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core 
installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_server_2019","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play 
(upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_server_2022","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45599","summary":"Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","cvss":8.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.1,"cvss_v4":null,"epss":0.00086,"ranking_epss":0.2484,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35556","description":"Use 
after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.","published_time":"2026-06-09T17:05:33","cvss":8.1,"cvss_version":"3.1","epss":0.0009,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45599"],"products":["Windows Server 2012 R2","Windows Server 2025","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016","Windows 10 Version 21H2","Windows 10 Version 22H2","Windows Server 2016 (Server Core installation)","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows Server 2022","Windows Server 2012","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows 11 Version 23H2","Windows 11 version 26H1","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows 10 Version 1809","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45600","summary":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.3517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35561","description":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:37","cvss":7.8,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"products":["Windows 11 Version 25H2","Windows 11 Version 24H2","Windows 11 version 26H1","Windows 11 version 
26H1","Windows Server 2025","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45600","summary":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.3517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35561","description":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:37","cvss":7.8,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"products":["Windows 11 Version 25H2","Windows 11 Version 24H2","Windows 11 version 26H1","Windows 11 version 26H1","Windows Server 2025","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45600","summary":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.3517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"vendor":"microsoft","product":"windows_11_26h1","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35561","description":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to 
elevate privileges locally.","published_time":"2026-06-09T17:05:37","cvss":7.8,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"products":["Windows 11 Version 25H2","Windows 11 Version 24H2","Windows 11 version 26H1","Windows 11 version 26H1","Windows Server 2025","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45600","summary":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00149,"ranking_epss":0.3517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"vendor":"microsoft","product":"windows_server_2025","version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35561","description":"Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:37","cvss":7.8,"cvss_version":"3.1","epss":0.0015,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"],"products":["Windows 11 Version 25H2","Windows 11 Version 24H2","Windows 11 version 26H1","Windows 11 version 26H1","Windows Server 2025","Windows Server 2025 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45601","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges 
locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45601"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35557","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:34","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45601"],"products":["Windows Server 2012 R2","Windows Server 2016","Windows 10 Version 1607","Windows 10 Version 21H2","Windows 11 Version 25H2","Windows Server 2025 (Server Core installation)","Windows Server 2012","Windows 11 Version 23H2","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 22H2","Windows Server 2019","Windows Server 2016 (Server Core installation)","Windows Server 2025","Windows Server 2019 (Server Core installation)","Windows 10 Version 1809","Windows 11 version 26H1","Windows Server 2022","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45602","summary":"No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.","cvss":9.1,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.1,"cvss_v4":null,"epss":0.0007,"ranking_epss":0.21688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45602"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35562","description":"No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a 
network.","published_time":"2026-06-09T17:05:38","cvss":9.1,"cvss_version":"3.1","epss":0.0007,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45602"],"products":["Windows 10 Version 1809","Windows Server 2016","Windows 11 version 26H1","Windows 11 Version 25H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows Server 2022","Windows Server 2012 (Server Core installation)","Windows Server 2012 R2 (Server Core installation)","Windows Server 2025 (Server Core installation)","Windows Server 2025","Windows Server 2012 R2","Windows 10 Version 22H2","Windows Server 2012","Windows Server 2019","Windows 10 Version 21H2","Windows 11 Version 24H2","Windows Server 2016 (Server Core installation)"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45603","summary":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"cvss_v4":null,"epss":0.00049,"ranking_epss":0.15818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45603"],"vendor":null,"product":null,"version":null,"published_time":"2026-06-09T17:17:28","euvd":{"id":"EUVD-2026-35565","description":"Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:40","cvss":7.0,"cvss_version":"3.1","epss":0.0005,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45603"],"products":["Windows 10 Version 21H2","Windows Server 2012","Windows Server 2025","Windows Server 2012 (Server Core installation)","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows Server 2016 (Server Core installation)","Windows 11 Version 23H2","Windows 
10 Version 1607","Windows Server 2025 (Server Core installation)","Windows Server 2019","Windows Server 2022","Windows 10 Version 22H2","Windows Server 2016","Windows 11 version 26H1","Windows Server 2012 R2","Windows 10 Version 1809","Windows Server 2019 (Server Core installation)","Windows 11 Version 24H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_10_1607","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_10_1809","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_10_21h2","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_10_22h2","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server 
Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_11_23h2","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges 
locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_11_24h2","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}},{"cve_id":"CVE-2026-45592","summary":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"cvss_v4":null,"epss":0.00082,"ranking_epss":0.24028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"vendor":"microsoft","product":"windows_11_25h2","version":null,"published_time":"2026-06-09T17:17:27","euvd":{"id":"EUVD-2026-35550","description":"Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges 
locally.","published_time":"2026-06-09T17:05:30","cvss":7.8,"cvss_version":"3.1","epss":0.0008,"assigner":"microsoft","references":["https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45592"],"products":["Windows Server 2025","Windows Server 2012 R2","Windows 11 version 26H1","Windows Server 2019","Windows Server 2025 (Server Core installation)","Windows 11 Version 24H2","Windows 10 Version 1607","Windows Server 2019 (Server Core installation)","Windows 11 Version 23H2","Windows 11 Version 25H2","Windows Server 2012 R2 (Server Core installation)","Windows 10 Version 21H2","Windows Server 2022","Windows Server 2016","Windows 10 Version 1809","Windows Server 2016 (Server Core installation)","Windows 10 Version 22H2"],"vendors":["Microsoft"]}}]}