Total
357376 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10775 | 2 Lmsys, Sgl-project | 2 Sglang, Sglang | 2026-06-10 | 3.6 Low |
| A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-36791 | 1 Tenda | 1 O3v3 | 2026-06-10 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-36778 | 1 Tenda | 1 O3 Wireless Router | 2026-06-10 | 4.9 Medium |
| Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-53438 | 1 Jenkins Project | 1 Jenkins | 2026-06-10 | 4.3 Medium |
| A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view. | ||||
| CVE-2026-53440 | 1 Jenkins Project | 1 Jenkins | 2026-06-10 | 4.3 Medium |
| Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain. | ||||
| CVE-2026-53442 | 1 Jenkins Project | 1 Jenkins | 2026-06-10 | 5.3 Medium |
| Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2026-9210 | 1 Netgear | 31 Ex3700, Ex3800, Ex6120 and 28 more | 2026-06-10 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-40988 | 1 Spring | 1 Spring Security | 2026-06-10 | 7.5 High |
| An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5. | ||||
| CVE-2026-41003 | 1 Spring | 1 Spring Security | 2026-06-10 | 7.6 High |
| An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5. | ||||
| CVE-2026-10783 | 2 Gradio-app, Gradio Project | 2 Gradio, Gradio | 2026-06-10 | 2.5 Low |
| A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The patch is named 13394. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-41695 | 1 Spring | 1 Spring Data Commons | 2026-06-10 | 7.5 High |
| Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14. | ||||
| CVE-2026-11682 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2026-06-10 | 8.3 High |
| Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-36719 | 1 Agentchat | 1 Agentchat | 2026-06-10 | 7.5 High |
| An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs. | ||||
| CVE-2026-34182 | 1 Openssl | 1 Openssl | 2026-06-10 | 9.1 Critical |
| Issue Summary: Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve key-equivalent functionality for a given CMS recipient and/or bypass integrity validation for a given message. In one use case, an attacker may send a CMS message containing AuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL erroneously allows this selection, and attempts to decrypt and validate the message. An on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData addressed to the victim can re-emit it with the recipientInfos set left byte-for-byte intact, so the victim's private key still unwraps the genuine CEK (the content-encryption key), but with the inner OID rewritten to AES-256-OFB (Output Feedback Mode, an unauthenticated keystream mode) and with an attacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the real CEK, never consults the MAC field, and CMS_decrypt() returns success. If the application under attack responds to the attacker with any indicator showing success or failure of the decryption effort, it is possible for the attacker to use this as an oracle to obtain key equivalent functionality for the CEK used for the chosen recipient of the message. In another use case, an attacker can reduce the tag length of the chosen AEAD cipher for a given AuthEnvelopedData container to be a single byte long, allowing an attacker to brute force CMS decryption, producing an integrity bypass for applications that trust CMS_decrypt() to reject modified content. The FIPS modules are not affected by this issue. | ||||
| CVE-2026-45482 | 1 Microsoft | 1 Visual Studio Code Copilot Chat Extension | 2026-06-10 | 8.4 High |
| Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-47648 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7 High |
| Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45591 | 2 Microsoft, Redhat | 5 .net, Asp.net Core, Visual Studio 2026 and 2 more | 2026-06-10 | 7.5 High |
| Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-45491 | 2 Microsoft, Redhat | 3 .net, Enterprise Linux, Hummingbird | 2026-06-10 | 6.2 Medium |
| Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | ||||
| CVE-2026-45490 | 1 Microsoft | 1 .net | 2026-06-10 | 7.8 High |
| Improper authorization in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-47652 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-06-10 | 8.2 High |
| Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. | ||||