🚨 CVE-2026-40370
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
🎖@cveNotify
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
🎖@cveNotify
🚨 CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
🎖@cveNotify
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities.
🎖@cveNotify
Pentaho Customer Portal
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference - - Versions…
OverviewThe product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect doc...
🚨 CVE-2026-2254
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
🎖@cveNotify
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications.
🎖@cveNotify
Pentaho Customer Portal
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource - Versions…
OverviewThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) Products Affected Hitachi Vantar...
🚨 CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
🎖@cveNotify
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API.
🎖@cveNotify
Pentaho Customer Portal
(Resolved) Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials - Versions before 10.2.0.6…
OverviewThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Products Affected Hit...
🚨 CVE-2026-0410
Authenticated administrators connected to the local network can gain
elevated access to the router and make unauthorized changes to router
software and functionality.
🎖@cveNotify
Authenticated administrators connected to the local network can gain
elevated access to the router and make unauthorized changes to router
software and functionality.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-0411
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.
Orbi WiFi Systems without satellite devices are not impacted by this issue.
🎖@cveNotify
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.
Orbi WiFi Systems without satellite devices are not impacted by this issue.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-0413
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
🎖@cveNotify
A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-0414
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
🎖@cveNotify
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-0415
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
🎖@cveNotify
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-0419
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no
further security updates are planned. NETGEAR strongly recommends
replacing these devices with newer NETGEAR models to ensure continued
security support and updates.
This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
🎖@cveNotify
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no
further security updates are planned. NETGEAR strongly recommends
replacing these devices with newer NETGEAR models to ensure continued
security support and updates.
This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-0420
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
🎖@cveNotify
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
🎖@cveNotify
NETGEAR KB
June 2026 NETGEAR Security Advisory
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, we…
🚨 CVE-2026-9258
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Canon(Japan)
「EOS Network Setting Tool」に関する脆弱性について|サポート
「EOS Network Setting Tool」に関する脆弱性についてのご案内です。
🚨 CVE-2026-9259
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Canon(Japan)
「EOS Network Setting Tool」に関する脆弱性について|サポート
「EOS Network Setting Tool」に関する脆弱性についてのご案内です。
🚨 CVE-2026-9260
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Canon(Japan)
「EOS Network Setting Tool」に関する脆弱性について|サポート
「EOS Network Setting Tool」に関する脆弱性についてのご案内です。
🚨 CVE-2026-9261
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Canon(Japan)
「EOS Network Setting Tool」に関する脆弱性について|サポート
「EOS Network Setting Tool」に関する脆弱性についてのご案内です。
🚨 CVE-2026-9262
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
🎖@cveNotify
Canon(Japan)
「EOS Network Setting Tool」に関する脆弱性について|サポート
「EOS Network Setting Tool」に関する脆弱性についてのご案内です。
🚨 CVE-2026-12291
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2036929. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-12292
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2038465. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-12293
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🎖@cveNotify
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2039568. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-12294
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2039873. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-12295
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2040160. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.