|
1041
|
8.8 |
HIGH
Network
|
vivotek
|
fd8136_firmware
|
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an …
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-30652
|
2026-06-4 03:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1042
|
6.3 |
MEDIUM
Network
|
vivotek
|
fd8136_firmware
|
A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-35716
|
2026-06-4 03:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1043
|
6.5 |
MEDIUM
Network
|
vivotek
|
fd8136_firmware
|
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted …
New
|
CWE-22
Path Traversal
|
CVE-2026-35718
|
2026-06-4 03:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1044
|
9.9 |
CRITICAL
Network
|
oracle
|
rest_data_services
|
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc…
Update
|
CWE-400
CWE-284
Uncontrolled Resource Consumption
Improper Access Control
|
CVE-2026-46775
|
2026-06-4 03:35 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1045
|
9.6 |
CRITICAL
Network
|
jpettitt
|
meshcore_card
|
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-45323
|
2026-06-4 03:34 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1046
|
4.3 |
MEDIUM
Network
|
redhat
|
build_of_keycloak
|
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Conne…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-9791
|
2026-06-4 03:28 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1047
|
7.5 |
HIGH
Network
|
redhat
|
build_of_keycloak
|
A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing …
Update
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-9793
|
2026-06-4 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1048
|
7.5 |
HIGH
Adjacent
|
tp-link
|
tapo_l535e_firmware
tapo_p300_firmware
tapo_d100c_firmware
|
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-34126
|
2026-06-4 03:18 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1049
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
coresight: tmc-etr: Fix race condition between sysfs and perf mode
When trying to run perf and sysfs mode simultaneously, the WAR…
New
|
-
|
CVE-2026-46272
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1050
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree
When probing the k230 pinctrl driver, the kernel trig…
New
|
-
|
CVE-2026-46269
|
2026-06-4 03:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
