|
371
|
6.0 |
MEDIUM
Network
|
-
|
-
|
Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious cod…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-22615
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
372
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been …
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-22616
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
373
|
6.3 |
MEDIUM
Network
|
-
|
-
|
UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product t…
New
|
CWE-941
Incorrectly Specified Destination in a Communication Channel
|
CVE-2026-40118
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
374
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. Th…
New
|
CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2026-22617
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
375
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attack…
New
|
CWE-358
Improperly Implemented Security Check for Standard
|
CVE-2026-22618
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
376
|
7.8 |
HIGH
Local
|
-
|
-
|
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. Thi…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-22619
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
377
|
6.5 |
MEDIUM
Network
|
-
|
-
|
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS devic…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-3861
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
378
|
6.2 |
MEDIUM
Local
|
-
|
-
|
In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.
New
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2026-41030
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
379
|
5.0 |
MEDIUM
Network
|
-
|
-
|
ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-41034
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|
|
380
|
7.4 |
HIGH
Network
|
-
|
-
|
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, …
New
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-41035
|
2026-04-18 00:38 |
2026-04-16 |
|
|
|