CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-49496 - Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation

CVE ID: CVE-2026-49496
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public Sleigh::oneInstruction C++ API, affecting downstream SLEIGH library consumers.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-49497 - Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution

CVE ID: CVE-2026-49497
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis.
Severity: 4.6 | MEDIUM
CVE-2026-49498 - Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

CVE ID: CVE-2026-49498
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in PasswordChange network messages to escalate to PostgreSQL superuser privileges and gain full database control.
Severity: 8.8 | HIGH
CVE-2026-52750 - Ghidra < 12.1 - Command Injection via URL Annotation Click

CVE ID: CVE-2026-52750
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click.
Severity: 8.4 | HIGH
CVE-2026-52751 - Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection

CVE ID: CVE-2026-52751
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands.
Severity: 8.8 | HIGH
CVE-2026-52752 - Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

CVE ID: CVE-2026-52752
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabling code execution.
Severity: 8.4 | HIGH
CVE-2026-52753 - Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol

CVE ID: CVE-2026-52753
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary analysis.
Severity: 6.7 | MEDIUM
CVE-2026-52754 - Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule

CVE ID: CVE-2026-52754
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify repository access controls, exfiltrate shared reverse engineering databases, and permanently compromise server integrity.
Severity: 8.8 | HIGH
CVE-2026-52755 - Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import

CVE ID: CVE-2026-52755
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensitive files like .bashrc or .ssh/authorized_keys.
Severity: 8.4 | HIGH
CVE-2026-52756 - Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server

CVE ID: CVE-2026-52756
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf messages with traversal sequences to enumerate filesystem paths and probe arbitrary files.
Severity: 6.3 | MEDIUM
CVE-2026-52757 - Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation

CVE ID: CVE-2026-52757
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, reading and writing the flags field of freed heap memory when a user opens the binary in Ghidra's decompiler view.
Severity: 4.6 | MEDIUM
CVE-2026-52758 - Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search

CVE ID: CVE-2026-52758
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.
Severity: 8.8 | HIGH
CVE-2026-52759 - Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser

CVE ID: CVE-2026-52759
Published: June 10, 2026, 2:16 p.m.
Description: Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.
Severity: 6.7 | MEDIUM
CVE-2026-53435 - Jenkins Deserialization Vulnerability Leads to Remote Code Execution

CVE ID: CVE-2026-53435
Published: June 10, 2026, 2:16 p.m.
Description: In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.xml` submission in a way that allows them to handle HTTP requests afterwards. This can be used to impersonate any user and send HTTP requests on their behalf, up to and including use of the Script Console to run arbitrary code, or to read arbitrary files from the Jenkins controller.
Severity: 0.0 | NA
CVE-2026-53436 - Jenkins Relative Path Traversal for Phishing

CVE ID: CVE-2026-53436
Published: June 10, 2026, 2:16 p.m.
Description: Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments (`./` or `../`), allowing attackers to perform phishing attacks.
Severity: 0.0 | NA
CVE-2026-53437 - Jenkins Tab N Transgression Security Bypass

CVE ID: CVE-2026-53437
Published: June 10, 2026, 2:16 p.m.
Description: Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between `//`, allowing attackers to perform phishing attacks.
Severity: 0.0 | NA
CVE-2026-53438 - Jenkins Missing Permission Check Allows Unauthorized Queue Item Cancellation

CVE ID: CVE-2026-53438
Published: June 10, 2026, 2:16 p.m.
Description: A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view.
Severity: 0.0 | NA
CVE-2026-53439 - Jenkins Information Disclosure

CVE ID: CVE-2026-53439
Published: June 10, 2026, 2:16 p.m.
Description: Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views".
Severity: 0.0 | NA
CVE-2026-53440 - Jenkins: Open Redirect in Security Realm

CVE ID: CVE-2026-53440
Published: June 10, 2026, 2:16 p.m.
Description: Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain.
Severity: 0.0 | NA
CVE-2026-53441 - Jenkins Stored Cross-Site Scripting

CVE ID: CVE-2026-53441
Published: June 10, 2026, 2:16 p.m.
Description: Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
Severity: 0.0 | NA
CVE-2026-53442 - Jenkins POST Configuration Secrets Disclosure

CVE ID: CVE-2026-53442
Published: June 10, 2026, 2:16 p.m.
Description: Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.
Severity: 0.0 | NA