|
2851
|
- |
|
-
|
-
|
Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-50211
|
2026-06-5 00:10 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2852
|
- |
|
-
|
-
|
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-50212
|
2026-06-5 00:10 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2853
|
- |
|
-
|
-
|
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-50213
|
2026-06-5 00:10 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2854
|
8.2 |
HIGH
Network
|
-
|
-
|
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. At…
|
CWE-89
SQL Injection
|
CVE-2019-25726
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2855
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers…
|
CWE-22
Path Traversal
|
CVE-2019-25727
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2856
|
8.2 |
HIGH
Network
|
-
|
-
|
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject …
|
CWE-89
SQL Injection
|
CVE-2019-25728
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2857
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie paramete…
|
CWE-352
Origin Validation Error
|
CVE-2019-25729
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2858
|
8.2 |
HIGH
Network
|
-
|
-
|
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can s…
|
CWE-89
SQL Injection
|
CVE-2019-25730
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2859
|
8.2 |
HIGH
Network
|
-
|
-
|
PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers…
|
CWE-89
SQL Injection
|
CVE-2019-25732
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2860
|
8.4 |
HIGH
Local
|
-
|
-
|
NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-25733
|
2026-06-5 00:00 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
