|
401
|
7.7 |
HIGH
Local
|
-
|
-
|
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-50245
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
402
|
- |
|
-
|
-
|
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-11535
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
403
|
- |
|
-
|
-
|
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
New
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-12058
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
404
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are re…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-10557
|
2026-06-13 01:06 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
405
|
8.1 |
HIGH
Network
|
-
|
-
|
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subsc…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7368
|
2026-06-13 01:06 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
406
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAut…
New
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-41005
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
407
|
- |
|
-
|
-
|
An
authenticated format string vulnerability exists in the ONVIF service of Tapo
C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as
a format stri…
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6250
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
408
|
8.8 |
HIGH
Network
|
-
|
-
|
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to …
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-11933
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
409
|
- |
|
-
|
-
|
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attrib…
New
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-20746
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
410
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges …
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-48914
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
