|
61
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42376
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42375
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42374
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
9.8 |
CRITICAL
Network
|
-
|
-
|
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42373
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42372
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-42090
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched…
New
|
CWE-22
Path Traversal
|
CVE-2026-42080
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
8.6 |
HIGH
Local
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtin…
New
|
CWE-95
Eval Injection
|
CVE-2026-42079
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
4.6 |
MEDIUM
Network
|
-
|
-
|
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This…
New
|
CWE-22
Path Traversal
|
CVE-2026-42078
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
5.2 |
MEDIUM
Local
|
-
|
-
|
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all Ja…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42077
|
2026-05-5 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
