| 141 | - |  | - | - | Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function (New) | - | CVE-2026-36906 | 2026-05-12 02:16 | 2026-05-12 |
| 142 | - |  | - | - | Vulnerability in Wikimedia Foundation Scribunto. This issue affects Scribunto: from 1.45.0 before 1.45.2. (New) | CWE-79 Cross-site Scripting | CVE-2026-34089 | 2026-05-12 02:16 | 2026-05-12 |
| 143 | 8.6 | HIGH Network | - | - | In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded an… (New) | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2026-33362 | 2026-05-12 02:16 | 2026-05-12 |
| 144 | 7.5 | HIGH Network | - | - | In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversi… (New) | CWE-326 Inadequate Encryption Strength | CVE-2026-33361 | 2026-05-12 02:16 | 2026-05-12 |
| 145 | 7.5 | HIGH Network | - | - | In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforce… (New) | CWE-862 Missing Authorization | CVE-2026-33359 | 2026-05-12 02:16 | 2026-05-12 |
| 146 | 7.5 | HIGH Network | - | - | In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearic… (New) | CWE-862 Missing Authorization | CVE-2026-33357 | 2026-05-12 02:16 | 2026-05-12 |
| 147 | 7.7 | HIGH Network | - | - | In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. … (New) | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-33356 | 2026-05-12 02:16 | 2026-05-12 |
| 148 | - |  | - | - | The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability (CWE-94) in its training script. The script registers the Python … (New) | - | CVE-2026-31254 | 2026-05-12 02:16 | 2026-05-12 |
| 149 | - |  | - | - | The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechani… (New) | - | CVE-2026-31253 | 2026-05-12 02:16 | 2026-05-12 |
| 150 | - |  | - | - | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its model loading component. The framework uses torch.load(… (New) | - | CVE-2026-31252 | 2026-05-12 02:16 | 2026-05-12 |