
CVE-2026-58054 – MyBB – Privilege Escalation from Limited ACP User Management to Administrator

Posted on June 29, 2026

CVE ID: CVE-2026-58054
Published: June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago
Description: MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating…

CVE-2026-58053 – Gitea act_runner – Container Hardening Bypass via Workflow Container Options

Posted on June 29, 2026

CVE ID: CVE-2026-58053
Published: June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago
Description: Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow’s container.options string to the Docker…

CVE-2026-58051 – libssh2 – Free of Uninitialized Pointer in publickey List Cleanup

Posted on June 29, 2026

CVE ID: CVE-2026-58051
Published: June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago
Description: libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing…

CVE-2026-58050 – libssh2 – Integer Overflow in publickey Subsystem Attribute Allocation

Posted on June 29, 2026

CVE ID: CVE-2026-58050
Published: June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago
Description: libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in…

CVE-2026-58049 – FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()

Posted on June 29, 2026

CVE ID: CVE-2026-58049
Published: June 28, 2026, 1:32 a.m. | 23 hours, 39 minutes ago
Description: FFmpeg’s RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before…

CVE-2026-10643 – Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)

Posted on June 28, 2026

CVE ID: CVE-2026-10643
Published: June 27, 2026, 10:59 p.m. | 2 hours, 12 minutes ago
Description: Zephyr’s IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload…

CVE-2026-12415 – Invoice Generator <= 1.0.0 – Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter

Posted on June 28, 2026

CVE ID: CVE-2026-12415
Published: June 27, 2026, 4:30 a.m. | 20 hours, 41 minutes ago
Description: The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check…

CVE-2026-56414 – H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type

Posted on June 27, 2026

CVE ID: CVE-2026-56414
Published: June 26, 2026, 11 p.m. | 2 hours, 11 minutes ago
Description: A vulnerability exists in H.View IP cameras in which certificate-related upload interfaces allow authenticated users to store arbitrary file…

CVE-2026-55975 – H.VIEW HV-500S6 IP Camera OS Command Injection

Posted on June 27, 2026

CVE ID: CVE-2026-55975
Published: June 26, 2026, 10:58 p.m. | 2 hours, 12 minutes ago
Description: A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML…

CVE-2026-31928 – Daktronics Controller Firmware Use of Hard-coded Credentials

Posted on June 27, 2026

CVE ID: CVE-2026-31928
Published: June 26, 2026, 10:52 p.m. | 2 hours, 18 minutes ago
Description: The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are…
