Vulnerabilities - Yack CVE

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-42837 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jun 11, 2026 Jun 9, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-41844 1Vmware 1Spring Framework Jun 11, 2026 Jun 9, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host...Show more A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.Show less
CVE-2026-42903 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 11, 2026 Jun 9, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2026-8406 - - Jun 11, 2026 Jun 11, 2026 7.1 HIGH· v4 N/A· v3 N/A· v2 openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/S...Show more openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.Show less
CVE-2026-50131 - - Jun 11, 2026 Jun 10, 2026 N/A· v4 8.6 HIGH· v3 N/A· v2 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime doc...Show more Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting in version 0.11.2 and prior to versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 appears incomplete. The `validatePublicUrl()` protection relies on `isValidPublicIPv4Address()` to reject non-public IPv4 destinations. The function blocks common private and local ranges such as `10.0.0.0/8`, `127.0.0.0/8`, `169.254.0.0/16`, `172.16.0.0/12`, and `192.168.0.0/16`, but it still treats several special-use, reserved, multicast, benchmarking, and carrier-grade NAT IPv4 ranges as valid public destinations. Because this validation is used as an SSRF defense before outbound fetches, this appears to be an incomplete mitigation or bypass class for the previous SSRF issue. Versions 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4 contain an updated patch.Show less
CVE-2026-48011 - - Jun 11, 2026 Jun 10, 2026 N/A· v4 3.7 LOW· v3 N/A· v2 Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix th...Show more Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.18 and 6.7.10.1 fix the issue.Show less
CVE-2026-46705 - - Jun 11, 2026 Jun 10, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separa...Show more Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that such changes are invalid. The issue is that russh-owned authentication state, such as remaining methods, partial-success state, and in-progress method state, can remain associated with the connection and then influence a later request for a different (user, service). This is an internal library state mismatch. This issue has been patched in version 0.61.0.Show less
CVE-2026-46679 - - Jun 11, 2026 Jun 10, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossips...Show more libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. This issue has been patched in version 15.0.23.Show less
CVE-2026-46673 - - Jun 11, 2026 Jun 10, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent...Show more Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. This issue has been patched in version 0.60.3.Show less
CVE-2026-45380 - - Jun 11, 2026 Jun 10, 2026 N/A· v4 3.6 LOW· v3 N/A· v2 bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to cra...Show more bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform, creates a symlink escaping the intended output directory. Subsequent archive entries extracted through this symlink write arbitrary files outside the extraction directory with the permissions of the extracting process. This issue has been patched in version 4.0.12.Show less
CVE-2026-38581 - - Jun 11, 2026 Jun 11, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter...Show more SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.Show less
CVE-2026-42904 1Microsoft 8Windows 10 21h2 Windows 10 22h2Windows 11 23h2+5 more Jun 11, 2026 Jun 9, 2026 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-42905 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 11, 2026 Jun 9, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42906 1Microsoft 8Windows 10 21h2 Windows 10 22h2Windows 11 23h2+5 more Jun 11, 2026 Jun 9, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-41845 1Vmware 1Spring Framework Jun 11, 2026 Jun 9, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spri...Show more Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.Show less
CVE-2026-41846 1Vmware 1Spring Framework Jun 11, 2026 Jun 9, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scri...Show more Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.Show less
CVE-2026-41847 1Vmware 1Spring Framework Jun 11, 2026 Jun 9, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48.
CVE-2026-42986 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 11, 2026 Jun 9, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-42987 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jun 11, 2026 Jun 9, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-41848 1Vmware 1Spring Framework Jun 11, 2026 Jun 9, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPath...Show more Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String path), extractUriTemplateVariables(String pattern, String path). Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.Show less
CVE-2026-42989 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 11, 2026 Jun 9, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42991 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jun 11, 2026 Jun 9, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-41852 1Vmware 1Spring Framework Jun 11, 2026 Jun 9, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended a...Show more A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.Show less
CVE-2026-5497 - - Jun 11, 2026 Jun 11, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data...Show more vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in the `VideoMediaIO.load_base64()` method. When processing `video/jpeg` data URLs, the method splits the base64 data string on commas to extract individual JPEG frames without enforcing a frame count limit. An attacker can exploit this by crafting a single API request containing thousands of comma-separated base64-encoded JPEG frames in a data URL, causing the server to decode all frames into memory and crash due to excessive memory consumption. This vulnerability is reachable via the OpenAI-compatible chat completions API and does not require authentication.Show less
CVE-2026-45458 1Microsoft 7365 Apps Microsoft 365Office 2019+4 more Jun 11, 2026 Jun 9, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Previous 1...313233...14312 Next

Vulnerabilities (CVE)