Skip to content

Menu
  • Home
Menu

CVE-2026-46689 – Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion

Posted on June 11, 2026

CVE ID :CVE-2026-46689 Published : June 10, 2026, 10:17 p.m. | 1 hour ago Description :Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/… endpoint…

CVE-2026-46669 – `openvm-pairing` pairing check missing proper subfield check on scaling factor

Posted on June 11, 2026

CVE ID :CVE-2026-46669 Published : June 10, 2026, 10:17 p.m. | 1 hour ago Description :OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the…

CVE-2026-46654 – Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Posted on June 11, 2026

CVE ID :CVE-2026-46654 Published : June 10, 2026, 10:16 p.m. | 1 hour ago Description :Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side…

CVE-2026-53673 – BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter

Posted on June 10, 2026

CVE ID :CVE-2026-53673 Published : June 10, 2026, 12:16 a.m. | 58 minutes ago Description :BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers…

CVE-2026-46491 – SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Posted on June 10, 2026

CVE ID :CVE-2026-46491 Published : June 10, 2026, 12:16 a.m. | 58 minutes ago Description :SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior…

CVE-2026-45782 – Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion

Posted on June 10, 2026

CVE ID :CVE-2026-45782 Published : June 10, 2026, 12:16 a.m. | 58 minutes ago Description :Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a…

CVE-2026-41732 – In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization

Posted on June 10, 2026

CVE ID :CVE-2026-41732 Published : June 10, 2026, 12:16 a.m. | 59 minutes ago Description :JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted…

CVE-2026-41731 – In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization

Posted on June 10, 2026

CVE ID :CVE-2026-41731 Published : June 10, 2026, 12:16 a.m. | 59 minutes ago Description :JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting…

CVE-2026-9740 – Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

Posted on June 10, 2026

CVE ID :CVE-2026-9740 Published : June 9, 2026, 10:43 p.m. | 32 minutes ago Description :A vulnerability in MongoDB Server’s BSON validation logic allows an unauthenticated user to crash the mongod process by…

CVE-2026-9753 – Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

Posted on June 10, 2026

CVE ID :CVE-2026-9753 Published : June 9, 2026, 10:30 p.m. | 44 minutes ago Description :The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff…

Posts pagination

Previous 1 … 13 14 15 … 106 Next

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme