|
351
|
4.6 |
MEDIUM
Network
|
-
|
-
|
SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7429
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
7.2 |
HIGH
Network
|
-
|
-
|
SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attack…
New
|
CWE-89
SQL Injection
|
CVE-2026-7435
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
- |
|
-
|
-
|
CVE-2026-33446 is a buffer overflow in the authentication sub-system of
the Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overw…
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-33446
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
- |
|
-
|
-
|
CVE-2026-33447 is a buffer overflow in a message parsing function of the
Secure Access client prior to 14.50. Attackers with control of a
modified server can send a special packet that can overwrit…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-33447
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
- |
|
-
|
-
|
CVE-2026-33448 is a format string vulnerability in the logging subsystem
of Secure Access client for MacOS prior to 14.50. Attackers with
control of a modified server can force the client to dump t…
New
|
CWE-200
Information Exposure
|
CVE-2026-33448
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
- |
|
-
|
-
|
CVE-2026-33449 is a buffer overflow in a message handling function of
the Secure Access client prior to 14.50. Attackers with control of
a modified server can send a cryptographically valid message…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-33449
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
- |
|
-
|
-
|
CVE-2026-33450 is an out of bounds read vulnerability in the Secure
Access MacOS client prior to 14.50. Attackers with control of a modified
server can send a malformed packet to the client causing…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33450
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
- |
|
-
|
-
|
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure
Access Windows client prior to 14.50. Attackers with local control of
the Windows client can send malformed data to an API and …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33451
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
- |
|
-
|
-
|
CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access
Windows client prior to 14.50. Attackers with local control of the
Windows client can use it to ‘blue screen’ the system.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-33452
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
- |
|
-
|
-
|
CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access
Windows client prior to 14.50. Attackers with local control of the
Windows client can use it to trigger a denial of service.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-40949
|
2026-05-2 00:28 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
