CVE tracker
341 subscribers
4.67K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2026-56808 - AVTECH DGM3103SCT OS Command Injection

CVE ID :CVE-2026-56808
Published : June 30, 2026, 6 a.m. | 3 hours, 25 minutes ago
Description :DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who can log in to the web management console of the affected product.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56809 - Ricoh Web Image Monitor Reflected Cross-Site Scripting

CVE ID :CVE-2026-56809
Published : June 30, 2026, 6:02 a.m. | 3 hours, 23 minutes ago
Description :Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56137 - Gotcha Gotcha Games RPG MAKER OS Command Injection

CVE ID :CVE-2026-56137
Published : June 30, 2026, 6:02 a.m. | 3 hours, 23 minutes ago
Description :RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted save-file, arbitrary OS command may be executed.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12818 - DVP-12SE Exposure of Sensitive Information Vulnerability

CVE ID :CVE-2026-12818
Published : June 30, 2026, 6:24 a.m. | 3 hours, 1 minute ago
Description :Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TCP service.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12819 - DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability

CVE ID :CVE-2026-12819
Published : June 30, 2026, 6:28 a.m. | 2 hours, 57 minutes ago
Description :Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticated interaction with security-sensitive PLC functions.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14164 - Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()

CVE ID :CVE-2026-14164
Published : June 30, 2026, 6:29 a.m. | 2 hours, 56 minutes ago
Description :A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filtered_buf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of the same memory region, resulting in a double-free condition. Successful exploitation may cause applications using the vulnerable libarchive API to terminate unexpectedly, leading to a denial of service.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12240 - Export User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name Field

CVE ID :CVE-2026-12240
Published : June 30, 2026, 6:52 a.m. | 2 hours, 33 minutes ago
Description :The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Successful exploitation requires an administrator to trigger a user data export while a subscriber-level (or higher) user has stored a crafted serialized XLSXWriter object payload as their display name.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12578 - DTMSoft - Deserialization of Untrusted Data Vulnerability

CVE ID :CVE-2026-12578
Published : June 30, 2026, 7:20 a.m. | 2 hours, 5 minutes ago
Description :The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-45822 - decode-uri-component Denial of Service

CVE ID :CVE-2026-45822
Published : June 30, 2026, 8:05 a.m. | 1 hour, 20 minutes ago
Description :decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41053 - Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

CVE ID :CVE-2026-41053
Published : June 30, 2026, 11:38 a.m. | 1 hour, 49 minutes ago
Description :Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8403 - Stored XSS in Exagate's SYSGUARD 6001

CVE ID :CVE-2026-8403
Published : June 30, 2026, 11:46 a.m. | 1 hour, 40 minutes ago
Description :Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0.  NOTE: The vendor was contacted and it was learned that the product is not supported.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14209 - Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

CVE ID :CVE-2026-14209
Published : June 30, 2026, 11:48 a.m. | 1 hour, 38 minutes ago
Description :A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4629 - Keycloak: keycloak: privilege escalation through hardcoded role mapper injection

CVE ID :CVE-2026-4629
Published : June 30, 2026, noon | 1 hour, 26 minutes ago
Description :A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-12388 - Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

CVE ID :CVE-2026-12388
Published : June 30, 2026, noon | 1 hour, 26 minutes ago
Description :A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-53432 - Integer Overflow in fzf

CVE ID :CVE-2026-53432
Published : June 30, 2026, 12:01 p.m. | 1 hour, 26 minutes ago
Description :fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and pattern length is 999 bytes, the product overflows. The Go runtime detects the invalid slice bounds and terminates the process immediately with a non-recoverable panic. This issue was fixed in version 0.73.1.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-53433 - Denial of Service in fzf

CVE ID :CVE-2026-53433
Published : June 30, 2026, 12:01 p.m. | 1 hour, 26 minutes ago
Description :fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity (O(n²)). A crafted POST request with many small segments can trigger excessive CPU usage during request handling.This allows a single malicious request to monopolize the single‑threaded HTTP server, blocking all other clients and resulting in denial of service. This issue was fixed in version 0.73.1.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-44946 - SAML Authentication Replay in Rancher

CVE ID :CVE-2026-44946
Published : June 30, 2026, 12:14 p.m. | 1 hour, 12 minutes ago
Description :A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
Severity: 9.5 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8451 - Insufficient input validation leading to memory overread

CVE ID :CVE-2026-8451
Published : June 30, 2026, 12:33 p.m. | 54 minutes ago
Description :Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58374 - hostapd: Out-of-bounds Write in AP-mode Wi-Fi 7 MLO Association Request Processing

CVE ID :CVE-2026-58374
Published : June 30, 2026, 12:35 p.m. | 51 minutes ago
Description :In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs (0 through 14). This causes an out-of-bounds write / small memory corruption during association processing before the 4-way handshake. The attack does not require network credentials, prior authentication, or user interaction. The confirmed practical impact is denial of service through hostapd process termination. This affects hostapd v2.11 and newer development snapshots before v2.12 when built with CONFIG_IEEE80211BE enabled. The issue is fixed in hostapd v2.12 and the upstream 2026-1 fixes.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8452 - Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

CVE ID :CVE-2026-8452
Published : June 30, 2026, 12:41 p.m. | 46 minutes ago
Description :Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8655 - Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service

CVE ID :CVE-2026-8655
Published : June 30, 2026, 12:46 p.m. | 40 minutes ago
Description :Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...