|
631
|
7.1 |
HIGH
Local
|
-
|
-
|
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector i…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-49413
|
2026-06-30 03:48 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
7.8 |
HIGH
Local
|
-
|
-
|
The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disabl…
New
|
CWE-179
Incorrect Behavior Order: Early Validation
|
CVE-2026-49414
|
2026-06-30 03:48 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
6.5 |
MEDIUM
Local
|
-
|
-
|
sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal de…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-45259
|
2026-06-30 03:48 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
6.5 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report format_file Parameter, causing arbitrary file read. …
Update
|
CWE-22
Path Traversal
|
CVE-2026-40084
|
2026-06-30 03:48 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. Such m…
New
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow
|
CVE-2026-13539
|
2026-06-30 03:47 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument …
New
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-13551
|
2026-06-30 03:47 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST …
New
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2026-13557
|
2026-06-30 03:47 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the arg…
New
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow
|
CVE-2026-13563
|
2026-06-30 03:47 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argumen…
New
|
CWE-74 CWE-89
Injection SQL Injection
|
CVE-2026-13569
|
2026-06-30 03:47 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lea…
New
|
CWE-840
Business Logic Errors
|
CVE-2026-13571
|
2026-06-30 03:47 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|