|
201
|
8.8 |
HIGH
Local
|
-
|
-
|
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-6348
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
202
|
- |
|
-
|
-
|
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
New
|
CWE-78
OS Command Injection
|
CVE-2026-6349
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
203
|
9.8 |
CRITICAL
Network
|
-
|
-
|
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6350
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
204
|
7.5 |
HIGH
Network
|
-
|
-
|
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
New
|
CWE-93
CRLF Injection
|
CVE-2026-6351
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
205
|
8.8 |
HIGH
Network
|
-
|
-
|
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, i…
New
|
CWE-1242
Inclusion of Undocumented Features or Chicken Bits
|
CVE-2023-3634
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
206
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In Wago Smart Designer, in versions up to 2.33.1, a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint.
New
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2023-5872
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
207
|
6.0 |
MEDIUM
Network
|
-
|
-
|
Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious cod…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-22615
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
208
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been …
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-22616
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
209
|
6.3 |
MEDIUM
Network
|
-
|
-
|
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product t…
New
|
CWE-941
Incorrectly Specified Destination in a Communication Channel
|
CVE-2026-40118
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
210
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. Th…
New
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-22617
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|