|
151
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CL…
New
|
CWE-88
Argument Injection
|
CVE-2026-47365
|
2026-06-13 01:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store'…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-53787
|
2026-06-13 01:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level auth…
New
|
CWE-284
Improper Access Control
|
CVE-2026-47366
|
2026-06-13 01:07 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
7.7 |
HIGH
Local
|
-
|
-
|
Brickcom cameras
ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
New
|
CWE-1392
Use of Default Credentials
|
CVE-2026-50005
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
7.7 |
HIGH
Local
|
-
|
-
|
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-50245
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
- |
|
-
|
-
|
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-11535
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
- |
|
-
|
-
|
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
New
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-12058
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are re…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-10557
|
2026-06-13 01:06 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
8.1 |
HIGH
Network
|
-
|
-
|
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subsc…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7368
|
2026-06-13 01:06 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAut…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41005
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
