CVE Monitor
274101 CVEs found
CVE-2026-10298
MEDIUM
01 Jun 2026
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-25879
CRITICAL
01 Jun 2026
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access (e.g., PostgreSQL pg_execute_server_program, MySQL FILE, MSSQL xp_cmdshell), an attacker who can shape the agent's input — including indirectly via data returned to the LLM — can coerce execution of dialect-specific primitives such as `COPY ... FROM PROGRAM`, achieving RCE on the database host. Fixed in v0.63.0 by defaulting SQLChatAgent to a SELECT-only sqlglot-parsed statement allowlist with a dialect-aware dangerous-pattern blocklist; allow_dangerous_operations=True restores the previous unrestricted behavior for trusted deployments.
CVE-2026-28511
MEDIUM
01 Jun 2026
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited (only the title). Attempts to access the underlying protected resource content remain blocked by authorization checks. Version 5.4.2 fixes the issue.
Affected Scope: Cross-scope visibility of titles. No confirmed bypass of content-level access controls.
Preconditions: An authenticated user account. No special privileges required beyond standard access.
Impact: This may enable unauthorized disclosure of sensitive information if confidential data is included in resource titles. Examples could include project names, patient identifiers, or other regulated information embedded in titles.
CVE-2026-10297
MEDIUM
01 Jun 2026
A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage_course.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-25277
HIGH
01 Jun 2026
Memory corruption while using Strongbox due to buffer overflow.
CVE-2026-25276
HIGH
01 Jun 2026
Memory corruption while using Strongbox due to missing bounds check.
CVE-2026-25260
HIGH
01 Jun 2026
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
CVE-2026-25259
HIGH
01 Jun 2026
Memory corruption while processing multiple IOCTL commands for escape operations.
CVE-2026-25258
HIGH
01 Jun 2026
Memory corruption while processing IOCTL calls for escape operations.
CVE-2026-24092
HIGH
01 Jun 2026
Memory Corruption when processing fastboot commands to set display mode.
CVE-2026-24091
HIGH
01 Jun 2026
Memory corruption while processing fastboot commands with improperly formatted input.
CVE-2026-24090
HIGH
01 Jun 2026
Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
CVE-2026-24089
HIGH
01 Jun 2026
Memory corruption while processing fastboot commands with invalid input.
CVE-2026-24088
HIGH
01 Jun 2026
Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2026-24087
HIGH
01 Jun 2026
Memory corruption while processing fastboot OEM commands.
CVE-2026-24085
HIGH
01 Jun 2026
Memory Corruption when processing display command line information due to improper initialization of a variable.
CVE-2025-59614
MEDIUM
01 Jun 2026
Memory Corruption when sending random number generator command with insufficient output buffer size.
CVE-2025-59613
MEDIUM
01 Jun 2026
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
CVE-2025-59612
MEDIUM
01 Jun 2026
Memory corruption in Windows drivers while sending an incorrect trusted application request.
CVE-2025-59611
MEDIUM
01 Jun 2026
Memory corruption in diagnostic services due to absence of input validation.
CVE-2025-59610
MEDIUM
01 Jun 2026
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2025-59609
MEDIUM
01 Jun 2026
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
CVE-2025-59606
HIGH
01 Jun 2026
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
CVE-2025-59605
HIGH
01 Jun 2026
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
CVE-2025-59604
HIGH
01 Jun 2026
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.