|
291
|
- |
|
-
|
-
|
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 for 12 July 2000). The a…
New
|
CWE-1391
Use of Weak Credentials
|
CVE-2026-47325
|
2026-06-5 00:14 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests …
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-10584
|
2026-06-5 00:13 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2025-14771
|
2026-06-5 00:13 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294
|
8.8 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-14772
|
2026-06-5 00:13 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295
|
8.0 |
HIGH
Network
|
-
|
-
|
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-14773
|
2026-06-5 00:13 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296
|
7.4 |
HIGH
Adjacent
|
-
|
-
|
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-14774
|
2026-06-5 00:13 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy
Assessment: Fully addressed.
When the serialised stream contains a TC_PROXYCLASSDESC (the ma…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-47065
|
2026-06-5 00:13 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298
|
7.3 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-42061
|
2026-06-5 00:12 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299
|
7.3 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44609
|
2026-06-5 00:12 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
300
|
7.3 |
HIGH
Local
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227.
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44682
|
2026-06-5 00:12 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
