CVE ID :CVE-2026-9669 Published : June 8, 2026, 10:01 p.m. | 1 hour, 14 minutes ago Description :bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and…
CVE-2026-46484 – Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user
CVE ID :CVE-2026-46484 Published : June 8, 2026, 8:17 p.m. | 2 hours, 58 minutes ago Description :Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable…
CVE-2026-52778 – YesWiki has Unsafe eval() in Formula Calculator – Remote Code Execution (RCE) & Denial of Service (DoS)
CVE ID :CVE-2026-52778 Published : June 8, 2026, 7:16 p.m. | 3 hours, 58 minutes ago Description :YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists…
CVE-2026-46490 – samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
CVE ID :CVE-2026-46490 Published : June 8, 2026, 7:16 p.m. | 3 hours, 58 minutes ago Description :samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only…
CVE-2026-11557 – Tenda F451 Web Management Natlimit fromNatlimit stack-based overflow
CVE ID :CVE-2026-11557 Published : June 8, 2026, 7:16 p.m. | 3 hours, 58 minutes ago Description :A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of…
CVE-2026-49494 – Comodo Internet Security Inspect.sys IPv6 Integer Underflow Remote Denial of Service
CVE ID :CVE-2026-49494 Published : June 7, 2026, 1:16 p.m. | 9 hours, 58 minutes ago Description :Comodo Internet Security’s firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser…
CVE-2026-11413 – JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow
CVE ID :CVE-2026-11413 Published : June 6, 2026, 2:16 p.m. | 8 hours, 58 minutes ago Description :A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is…
CVE-2026-26422 – Clash Verge Service IPC Local Privilege Escalation
CVE ID :CVE-2026-26422 Published : June 6, 2026, midnight | 23 hours, 14 minutes ago Description :clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. Severity: 8.4 | HIGH Visit…
CVE-2026-7654 – Admin Columns <= 7.0.18 – Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
CVE ID :CVE-2026-7654 Published : June 5, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution…
CVE-2026-11431 – Path Traversal in Altium Projects Service Allows Arbitrary File Read
CVE ID :CVE-2026-11431 Published : June 5, 2026, 10:16 p.m. | 57 minutes ago Description :A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium…