|
931
|
10.0 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.
New
|
CWE-94
CWE-693
Code Injection
Protection Mechanism Failure
|
CVE-2026-26332
|
2026-05-6 21:24 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-605l_firmware
|
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42372
|
2026-05-6 21:20 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-605l_firmware
|
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42373
|
2026-05-6 21:19 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600l_firmware
|
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42374
|
2026-05-6 21:18 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600l_firmware
|
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42375
|
2026-05-6 21:17 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
2.7 |
LOW
Network
|
-
|
-
|
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2025-62345
|
2026-05-6 21:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
8.8 |
HIGH
Network
|
-
|
-
|
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma…
New
|
CWE-77
CWE-351
CWE-451
Command Injection
Insufficient Type Distinction
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2025-31951
|
2026-05-6 21:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
3.1 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b…
New
|
CWE-80
Basic XSS
|
CVE-2025-59854
|
2026-05-6 20:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
3.1 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-59853
|
2026-05-6 20:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
3.7 |
LOW
Network
|
-
|
-
|
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise t…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-59852
|
2026-05-6 20:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
