|
521
|
3.7 |
LOW
Network
|
-
|
-
|
A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of …
Update
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7606
|
2026-05-6 04:29 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
522
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads t…
Update
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7607
|
2026-05-6 04:29 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
523
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation cause…
Update
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7609
|
2026-05-6 04:29 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
524
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmi…
Update
|
CWE-310
CWE-319
Cryptographic Issues
Cleartext Transmission of Sensitive Information
|
CVE-2026-7610
|
2026-05-6 04:29 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
525
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a…
Update
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-7611
|
2026-05-6 04:29 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
526
|
7.5 |
HIGH
Network
|
-
|
-
|
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al…
Update
|
CWE-89
SQL Injection
|
CVE-2026-7649
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
527
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-4024
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
528
|
7.2 |
HIGH
Network
|
-
|
-
|
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce v…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-5324
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
529
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interfac…
Update
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7593
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
530
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument …
Update
|
CWE-22
Path Traversal
|
CVE-2026-7594
|
2026-05-6 04:17 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
