| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0155 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0154 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0153 | 0.00 | — | 0.00 | Jun 16, 2026 | In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2026-0152 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User… | ||
| CVE-2026-0151 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0150 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0149 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0148 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0147 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0146 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0145 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0144 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0143 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0142 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0141 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0140 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2026-0139 | 0.00 | — | 0.00 | Jun 16, 2026 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2026-0138 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0137 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0136 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0135 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0134 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0133 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2026-0132 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-0131 | 0.00 | — | 0.00 | Jun 16, 2026 | In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||
| CVE-2026-0130 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2026-0129 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2026-0128 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||
| CVE-2026-0127 | 0.00 | — | 0.00 | Jun 16, 2026 | In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User… | |||
| CVE-2026-0126 | 0.00 | — | 0.00 | Jun 16, 2026 | In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2026-0125 | — | 0.00 | — | 0.00 | Jun 16, 2026 | In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-54157 | cri | 0.52 | — | 0.02 | Jun 16, 2026 | ## Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com ## Summary The `/webapi/proxy` endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy… | ||
| CVE-2026-53753 | cri | 0.52 | — | 0.00 | Jun 16, 2026 | ### Summary The `_safe_eval_expression()` function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (`gi_frame`, `f_back`, `f_builtins`) do NOT start with underscore, enabling… | ||
| CVE-2026-50135 | 0.00 | — | 0.00 | Jun 16, 2026 | **Commit:** [f8b5fa09a6](https://github.com/gohugoio/hugo/commit/f8b5fa09a6) — _Fix prevention of direct symlink reads in resources.Get_ **Affected versions:** v0.123.0 through v0.161.1. Earlier versions are not affected. **Fixed in:** v0.162.0. **Severity:** Medium. Requires… | |||
| CVE-2026-48294 | 0.00 | — | 0.01 | Jun 16, 2026 | Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires… | |||
| CVE-2026-12348 | — | 0.00 | — | 0.00 | Jun 16, 2026 | Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing. | ||
| CVE-2026-48776 | 0.00 | — | 0.00 | Jun 16, 2026 | LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request… | |||
| CVE-2026-46979 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS… | |||
| CVE-2026-46978 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris.… | |||
| CVE-2026-46977 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox… | |||
| CVE-2026-46976 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to… | |||
| CVE-2026-46974 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox… | |||
| CVE-2026-46973 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access… | |||
| CVE-2026-46972 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access… | |||
| CVE-2026-46971 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise… | |||
| CVE-2026-46970 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise… | |||
| CVE-2026-46969 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to… | |||
| CVE-2026-46967 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via… | |||
| CVE-2026-46966 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network… | |||
| CVE-2026-46965 | 0.00 | — | 0.00 | Jun 16, 2026 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access… |
- CVE-2026-0155Jun 16, 2026risk 0.00cvss —epss 0.00
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0154Jun 16, 2026risk 0.00cvss —epss 0.00
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0153Jun 16, 2026risk 0.00cvss —epss 0.00
In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0152Jun 16, 2026risk 0.00cvss —epss 0.00
In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2026-0151Jun 16, 2026risk 0.00cvss —epss 0.00
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0150Jun 16, 2026risk 0.00cvss —epss 0.00
In ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0149Jun 16, 2026risk 0.00cvss —epss 0.00
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0148Jun 16, 2026risk 0.00cvss —epss 0.00
In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0147Jun 16, 2026risk 0.00cvss —epss 0.00
In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0146Jun 16, 2026risk 0.00cvss —epss 0.00
In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0145Jun 16, 2026risk 0.00cvss —epss 0.00
In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0144Jun 16, 2026risk 0.00cvss —epss 0.00
In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0143Jun 16, 2026risk 0.00cvss —epss 0.00
In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0142Jun 16, 2026risk 0.00cvss —epss 0.00
In iavb_parse_key_data of avb_rsa.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0141Jun 16, 2026risk 0.00cvss —epss 0.00
In decodeAppPacket of RtcpAppPacket.cpp, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0140Jun 16, 2026risk 0.00cvss —epss 0.00
In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2026-0139Jun 16, 2026risk 0.00cvss —epss 0.00
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0138Jun 16, 2026risk 0.00cvss —epss 0.00
In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0137Jun 16, 2026risk 0.00cvss —epss 0.00
In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0136Jun 16, 2026risk 0.00cvss —epss 0.00
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0135Jun 16, 2026risk 0.00cvss —epss 0.00
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0134Jun 16, 2026risk 0.00cvss —epss 0.00
In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0133Jun 16, 2026risk 0.00cvss —epss 0.00
In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- CVE-2026-0132Jun 16, 2026risk 0.00cvss —epss 0.00
In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0131Jun 16, 2026risk 0.00cvss —epss 0.00
In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2026-0130Jun 16, 2026risk 0.00cvss —epss 0.00
In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2026-0129Jun 16, 2026risk 0.00cvss —epss 0.00
In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2026-0128Jun 16, 2026risk 0.00cvss —epss 0.00
In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2026-0127Jun 16, 2026risk 0.00cvss —epss 0.00
In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User…
- CVE-2026-0126Jun 16, 2026risk 0.00cvss —epss 0.00
In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2026-0125Jun 16, 2026risk 0.00cvss —epss 0.00
In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.52cvss —epss 0.02
## Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com ## Summary The `/webapi/proxy` endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy…
- risk 0.52cvss —epss 0.00
### Summary The `_safe_eval_expression()` function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (`gi_frame`, `f_back`, `f_builtins`) do NOT start with underscore, enabling…
- CVE-2026-50135Jun 16, 2026risk 0.00cvss —epss 0.00
**Commit:** [f8b5fa09a6](https://github.com/gohugoio/hugo/commit/f8b5fa09a6) — _Fix prevention of direct symlink reads in resources.Get_ **Affected versions:** v0.123.0 through v0.161.1. Earlier versions are not affected. **Fixed in:** v0.162.0. **Severity:** Medium. Requires…
- CVE-2026-48294Jun 16, 2026risk 0.00cvss —epss 0.01
Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires…
- CVE-2026-12348Jun 16, 2026risk 0.00cvss —epss 0.00
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
- CVE-2026-48776Jun 16, 2026risk 0.00cvss —epss 0.00
LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request…
- CVE-2026-46979Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS…
- CVE-2026-46978Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris.…
- CVE-2026-46977Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…
- CVE-2026-46976Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to…
- CVE-2026-46974Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox…
- CVE-2026-46973Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access…
- CVE-2026-46972Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access…
- CVE-2026-46971Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise…
- CVE-2026-46970Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise…
- CVE-2026-46969Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to…
- CVE-2026-46967Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via…
- CVE-2026-46966Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network…
- CVE-2026-46965Jun 16, 2026risk 0.00cvss —epss 0.00
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access…