|
151
|
8.8 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executin…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7748
|
2026-05-5 00:17 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manip…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7749
|
2026-05-5 00:17 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The …
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7750
|
2026-05-5 00:17 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
- |
|
-
|
-
|
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.
This issue affects jOpenDocument: 1.5.
New
|
CWE-611
XXE
|
CVE-2026-6501
|
2026-05-5 00:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
- |
|
-
|
-
|
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.
This issue affects OpenConcerto: 1.7.5.
New
|
CWE-256
Plaintext Storage of a Password
|
CVE-2026-6500
|
2026-05-5 00:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
5.7 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-31205
|
2026-05-5 00:16 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
- |
|
-
|
-
|
3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing paylo…
New
|
CWE-78
OS Command
|
CVE-2025-13605
|
2026-05-5 00:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_framework
|
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully pr…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22740
|
2026-05-4 23:51 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
3.1 |
LOW
Network
|
vmware
|
spring_framework
|
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
* the ap…
Update
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-22741
|
2026-05-4 23:51 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
5.3 |
MEDIUM
Network
|
vmware
|
spring_framework
|
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources.
More precisely, an application can be vulnerable when all the following are true:
…
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22745
|
2026-05-4 23:50 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
