|
3451
|
5.0 |
MEDIUM
Local
|
-
|
-
|
Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic lin…
|
CWE-59
Link Following
|
CVE-2026-6891
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3452
|
5.0 |
MEDIUM
Local
|
-
|
-
|
Improper handling of symbolic links in the installer of CUPS Printer Driver for macOS(*) may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installat…
|
CWE-59
Link Following
|
CVE-2026-6892
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3453
|
- |
|
-
|
-
|
An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RP…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-7480
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3454
|
- |
|
-
|
-
|
Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical m…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-8070
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3455
|
- |
|
-
|
-
|
Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-49195
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3456
|
- |
|
-
|
-
|
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands.
|
CWE-77
Command Injection
|
CVE-2026-49196
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3457
|
- |
|
-
|
-
|
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
|
CWE-287
Improper Authentication
|
CVE-2026-49197
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3458
|
- |
|
-
|
-
|
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.
|
CWE-284
Improper Access Control
|
CVE-2026-49198
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3459
|
- |
|
-
|
-
|
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized s…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-49200
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3460
|
- |
|
-
|
-
|
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating pers…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-49201
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
