|
351
|
9.8 |
CRITICAL
Network
|
-
|
-
|
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6350
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
7.5 |
HIGH
Network
|
-
|
-
|
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
New
|
CWE-93
CRLF Injection
|
CVE-2026-6351
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
8.8 |
HIGH
Network
|
-
|
-
|
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, i…
New
|
CWE-1242
Inclusion of Undocumented Features or Chicken Bits
|
CVE-2023-3634
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint.
New
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2023-5872
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
6.0 |
MEDIUM
Network
|
-
|
-
|
Due to improper
input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is
possible for an attacker with admin privileges and access to the local system to
inject malicious cod…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-22615
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been …
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-22616
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
6.3 |
MEDIUM
Network
|
-
|
-
|
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product t…
New
|
CWE-941
Incorrectly Specified Destination in a Communication Channel
|
CVE-2026-40118
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. Th…
New
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-22617
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attack…
New
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-22618
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
7.8 |
HIGH
Local
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. Thi…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-22619
|
2026-04-18 00:38 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
