|
2801
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, using show_inline=1 parameter and a valid file_show_inline_token CSRF token on file_download.php, an attacker can execu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44657
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2802
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query fun…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-9493
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2803
|
4.8 |
MEDIUM
Network
|
-
|
-
|
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed …
|
CWE-79
Cross-site Scripting
|
CVE-2026-10057
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2804
|
4.8 |
MEDIUM
Network
|
-
|
-
|
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed …
|
CWE-79
Cross-site Scripting
|
CVE-2026-10058
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2805
|
9.8 |
CRITICAL
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code exec…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-10071
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2806
|
7.2 |
HIGH
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-10072
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2807
|
7.5 |
HIGH
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.
|
CWE-23
Relative Path Traversal
|
CVE-2026-10073
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2808
|
4.9 |
MEDIUM
Network
|
-
|
-
|
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files.
|
CWE-23
Relative Path Traversal
|
CVE-2026-10074
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2809
|
5.3 |
MEDIUM
Network
|
-
|
-
|
DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulner…
|
CWE-36
Absolute Path Traversal
|
CVE-2026-10075
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2810
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown b…
|
CWE-440
CWE-693
CWE-754
Expected Behavior Violation
Protection Mechanism Failure
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-49316
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
