CVE-2026-10639 - Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`
CVE ID :CVE-2026-10639
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_update_icmp_sent(net_pkt_iface(reply)). net_try_send_data() transfers ownership of reply to the TX path (net_if_try_queue_tx - net_if_tx - L2/driver send, or the asynchronous net_if_tx_thread), which can unref it to refcount 0 and return the struct net_pkt to its slab (net_pkt_unref - k_mem_slab_free) before the stats line runs. net_core.c documents this exact contract ('the pkt might contain garbage already ... do not use pkt after that call'). The post-send net_pkt_iface(reply) therefore reads reply-iface out of a freed (and possibly already reallocated) net_pkt, a use-after-free read; with CONFIG_NET_STATISTICS_PER_INTERFACE the stats macro additionally increments a counter through that value, i.e. a dereference/write through a stale or recycled-slot pointer. The path is reached unauthenticated by any remote host that pings the device (net_icmpv4_input - net_icmp_call_ipv4_handlers - icmpv4_handle_echo_request) and is gated on CONFIG_NET_STATISTICS_ICMP. Impact is a probabilistic read of recycled packet memory plus a possible wild-pointer write under a timing race, leading most likely to corrupted interface statistics or a remotely triggerable crash (DoS). The defect was introduced in 2019 (v1.14) and is present through v4.4.0. The companion change in net_icmpv4_send_error() is not a use-after-free because it reads net_pkt_iface(orig), the caller-owned received packet, which stays alive across the send. The fix caches the interface pointer from the live received packet before sending and uses it for the post-send stats updates.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10639
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_update_icmp_sent(net_pkt_iface(reply)). net_try_send_data() transfers ownership of reply to the TX path (net_if_try_queue_tx - net_if_tx - L2/driver send, or the asynchronous net_if_tx_thread), which can unref it to refcount 0 and return the struct net_pkt to its slab (net_pkt_unref - k_mem_slab_free) before the stats line runs. net_core.c documents this exact contract ('the pkt might contain garbage already ... do not use pkt after that call'). The post-send net_pkt_iface(reply) therefore reads reply-iface out of a freed (and possibly already reallocated) net_pkt, a use-after-free read; with CONFIG_NET_STATISTICS_PER_INTERFACE the stats macro additionally increments a counter through that value, i.e. a dereference/write through a stale or recycled-slot pointer. The path is reached unauthenticated by any remote host that pings the device (net_icmpv4_input - net_icmp_call_ipv4_handlers - icmpv4_handle_echo_request) and is gated on CONFIG_NET_STATISTICS_ICMP. Impact is a probabilistic read of recycled packet memory plus a possible wild-pointer write under a timing race, leading most likely to corrupted interface statistics or a remotely triggerable crash (DoS). The defect was introduced in 2019 (v1.14) and is present through v4.4.0. The companion change in net_icmpv4_send_error() is not a use-after-free because it reads net_pkt_iface(orig), the caller-owned received packet, which stays alive across the send. The fix caches the interface pointer from the live received packet before sending and uses it for the post-send stats updates.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10640 - Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)
CVE ID :CVE-2026-10640
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. On the success path the network stack owns and releases the packet's reference (the L2/driver send unrefs it, e.g. ethernet_send - net_pkt_unref), so for a freshly allocated packet with refcount 1 the net_pkt slab block can be freed before the statistics line runs (synchronously when no TX queue thread is configured, or via a concurrent TX thread otherwise). The subsequent net_pkt_iface(pkt) reads pkt-iface from the freed slab block, and with CONFIG_NET_STATISTICS_PER_INTERFACE enabled that loaded pointer is dereferenced to increment iface-stats.icmp.sent, a use-after-free (CWE-416). If the slab block was reallocated in the meantime the read/increment targets unrelated or attacker-influenced memory, yielding corrupted statistics, a fault/crash (denial of service), or potential limited memory corruption. The vulnerable Neighbor Advertisement path is reachable by any unauthenticated on-link node simply by sending ICMPv6 Neighbor Solicitations to a Zephyr node with native IPv6 enabled (handle_ns_input - net_ipv6_send_na). Affected from v3.3.0 through v4.4.0; the fix uses the already-available iface argument instead of touching the sent packet. Configurations without per-interface statistics dereference only a global counter and are not affected by the memory-safety aspect.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10640
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(pkt) after net_send_data(pkt) had already returned successfully. On the success path the network stack owns and releases the packet's reference (the L2/driver send unrefs it, e.g. ethernet_send - net_pkt_unref), so for a freshly allocated packet with refcount 1 the net_pkt slab block can be freed before the statistics line runs (synchronously when no TX queue thread is configured, or via a concurrent TX thread otherwise). The subsequent net_pkt_iface(pkt) reads pkt-iface from the freed slab block, and with CONFIG_NET_STATISTICS_PER_INTERFACE enabled that loaded pointer is dereferenced to increment iface-stats.icmp.sent, a use-after-free (CWE-416). If the slab block was reallocated in the meantime the read/increment targets unrelated or attacker-influenced memory, yielding corrupted statistics, a fault/crash (denial of service), or potential limited memory corruption. The vulnerable Neighbor Advertisement path is reachable by any unauthenticated on-link node simply by sending ICMPv6 Neighbor Solicitations to a Zephyr node with native IPv6 enabled (handle_ns_input - net_ipv6_send_na). Affected from v3.3.0 through v4.4.0; the fix uses the already-available iface argument instead of touching the sent packet. Configurations without per-interface statistics dereference only a global counter and are not affected by the memory-safety aspect.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10831 - Improper Authorization of Break Signal Commands in Devices
CVE ID :CVE-2026-10831
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10831
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11317 - Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP
CVE ID :CVE-2026-11317
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11317
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault (MNRF). A program download is required to recover.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12398 - Galaxy_ng: shell injection in legacy role import via unsanitized git ref names
CVE ID :CVE-2026-12398
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who controls a git repository can create a branch or tag with shell metacharacters in the name to achieve remote code execution on the pulp worker. The vulnerable endpoint is only reachable when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12398
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True. An authenticated user who controls a git repository can create a branch or tag with shell metacharacters in the name to achieve remote code execution on the pulp worker. The vulnerable endpoint is only reachable when GALAXY_ENABLE_LEGACY_ROLES is set to True, which is not the default configuration.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-47684 - Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP
CVE ID :CVE-2026-47684
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-47684
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Version 2.3.0 fixes the issue.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-48780 - Forem vulnerable to bypass of email address domain restrictions
CVE ID :CVE-2026-48780
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of `a2ab6d4`. As a workaround, some SMTP servers and email delivery providers may drop or refuse to send maliciously crafted email addresses.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-48780
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of `a2ab6d4`. As a workaround, some SMTP servers and email delivery providers may drop or refuse to send maliciously crafted email addresses.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-9307 - Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities
CVE ID :CVE-2026-9307
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-9307
Published : June 16, 2026, 3:16 p.m. | 2 hours, 43 minutes ago
Description :A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connection IDs on the diagnostics webpage, which are accessible to any unauthenticated user on the network. This information can be leveraged by an attacker to construct malicious packets, leading to Denial-of-Service.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-22451 - Dell Peripheral Manager Uncontrolled Search Path Element Vulnerability
CVE ID :CVE-2024-22451
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2024-22451
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-24909 - Dell OpenManage Integration RCE via Gateway Plugin
CVE ID :CVE-2024-24909
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2024-24909
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-30476 - Dell PowerStore Stored Cross-Site Scripting
CVE ID :CVE-2024-30476
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2024-30476
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-38487 - API Gateway Container Privilege Escalation
CVE ID :CVE-2024-38487
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2024-38487
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-71261 - Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
CVE ID :CVE-2025-71261
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-71261
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-10649 - Pacemaker: pacemaker: denial of service via integer overflow in remote message decompression
CVE ID :CVE-2026-10649
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-10649
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12003 - CPython >3.11 Insecure Input Validation resulting in privilege escalation
CVE ID :CVE-2026-12003
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree. On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '..\..', which results in a landmark of '..\..\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative `Lib` folder that will be discovered by an otherwise restricted install. Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive. Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new [Python install manager](https://www.python.org/downloads/latest/pymanager/) to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a `Modules` directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources. Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory. The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12003
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python assumes it is running in a source tree and generates a different default sys.path. This code remains in release builds, so that release-ready builds can be built in-tree. On Windows, since builds are written to 'PCbuild/', the value of VPATH is set to '..\..', which results in a landmark of '..\..\Modules\setup.local'. This path is outside the install directory of Python, and may have different permissions, potentially allowing a low-privilege user to create the landmark and an alternative `Lib` folder that will be discovered by an otherwise restricted install. Such a setup occurs with the legacy default install location for all users (in the now superseded EXE installer), due to how Windows allows all users to create folders in the root directory of their OS drive. Our recommended mitigation on Windows is to migrate away from the legacy installer and use the new [Python install manager](https://www.python.org/downloads/latest/pymanager/) to install for the current user. Installs where the directory two levels above the Python installation directory have equivalent permissions are unaffected (in general, a per-user install cannot be modified at all by other users, removing any escalation of privilege risk, and could be directly modified by a privileged user, making the potential tampering irrelevant). Alternative mitigations might include preemptively creating and restricting access to a `Modules` directory. Be aware that only 3.13 and 3.14 will receive updated legacy installers - earlier fixes are only provided as sources. Platforms other than Windows allow VPATH to be overridden, but as they don't usually use a separated directory in the build for binaries, are unlikely to have a landmark reference outside of the install directory. The landmark detection involving VPATH is a fallback for when a more specific landmark - .\pybuilddir.txt - is absent, and was included for compatibility. Future releases of Python will no longer include the fallback, and so builds will need to generate or preserve the pybuilddir.txt file in order to work in-tree. This landmark file has been generated on Windows since 3.11, and on other platforms for longer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12412 - Rejected reason: loading template...
CVE ID :CVE-2026-12412
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Rejected reason: loading template...
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-12412
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Rejected reason: loading template...
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24155 - NVIDIA NeMo Code Injection
CVE ID :CVE-2026-24155
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24155
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24228 - NVIDIA NeMo Framework Deserialization Vulnerability
CVE ID :CVE-2026-24228
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24228
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-39926 - Rejected reason: This CVE ID has been rejected or
CVE ID :CVE-2026-39926
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39926
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-39927 - Rejected reason: This CVE ID has been rejected or
CVE ID :CVE-2026-39927
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-39927
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-42089 - yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
CVE ID :CVE-2026-42089
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation and code execution during CLI bootstrap. The vulnerable method is installLocalGenerators(), which calls repository.install() directly without prompting the user. This issue has been fixed in version 6.0.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-42089
Published : June 16, 2026, 5:16 p.m. | 43 minutes ago
Description :Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation and code execution during CLI bootstrap. The vulnerable method is installLocalGenerators(), which calls repository.install() directly without prompting the user. This issue has been fixed in version 6.0.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...