|
2371
|
- |
|
-
|
-
|
The new upstream added a privileged D-Bus
helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the sy…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-25710
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2372
|
- |
|
-
|
-
|
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in
malcontent-timerd allows arbitrary users…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44931
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2373
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23819
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2374
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environme…
|
CWE-78
OS Command
|
CVE-2026-23820
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2375
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Su…
|
CWE-78
OS Command
|
CVE-2026-23821
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2376
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an at…
|
CWE-776
XML Entity Expansion
|
CVE-2026-23822
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2377
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacke…
|
CWE-77
Command Injection
|
CVE-2026-23823
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2378
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data…
|
-
|
CVE-2025-11159
|
2026-05-14 00:35 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2379
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to ce…
|
CWE-36
Absolute Path Traversal
|
CVE-2026-32175
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2380
|
7.3 |
HIGH
Local
|
-
|
-
|
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
|
CWE-20
CWE-122
Improper Input Validation
Heap-based Buffer Overflow
|
CVE-2026-32177
|
2026-05-14 00:34 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
