|
1
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7853
|
2026-05-6 03:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The atta…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-7851
|
2026-05-6 03:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
- |
|
-
|
-
|
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
…
Update
|
CWE-89
SQL Injection
|
CVE-2026-5394
|
2026-05-6 03:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
5.3 |
MEDIUM
Network
|
-
|
-
|
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen…
New
|
CWE-696
Incorrect Behavior Order
|
CVE-2026-43002
|
2026-05-6 03:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint.
New
|
CWE-78
CWE-306
OS Command
Missing Authentication for Critical Function
|
CVE-2026-36356
|
2026-05-6 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
7.7 |
HIGH
Local
|
-
|
-
|
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct…
New
|
CWE-200
CWE-782
CWE-787
Information Exposure
Exposed IOCTL with Insufficient Access Control
Out-of-bounds Write
|
CVE-2026-36355
|
2026-05-6 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
9.8 |
CRITICAL
Network
|
synway
|
smg_gateway_management_software
|
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in…
Update
|
CWE-78
OS Command
|
CVE-2025-71284
|
2026-05-6 03:09 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
8.0 |
HIGH
Network
|
jenkins
|
html_publisher
|
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42524
|
2026-05-6 03:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
9.0 |
CRITICAL
Network
|
jenkins
|
github
|
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-42523
|
2026-05-6 03:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
5.9 |
MEDIUM
Network
|
elastic
|
elastic_package_registry
|
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served t…
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-33467
|
2026-05-6 02:55 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
