|
1511
|
5.4 |
MEDIUM
Network
|
-
|
-
|
An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-30059
|
2026-05-14 00:48 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1512
|
6.5 |
MEDIUM
Network
|
-
|
-
|
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system…
|
CWE-78
OS Command
|
CVE-2026-31246
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1513
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-31247
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1514
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabli…
|
CWE-776
XML Entity Expansion
|
CVE-2026-31248
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1515
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-32661
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1516
|
7.8 |
HIGH
Local
|
-
|
-
|
Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer,…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44612
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1517
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-25107
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1518
|
7.2 |
HIGH
Network
|
-
|
-
|
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary …
|
CWE-78
OS Command
|
CVE-2026-35506
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1519
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40621
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1520
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authenticati…
|
CWE-78
OS Command
|
CVE-2026-42062
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
