|
841
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
Non-parenthesized discovery wrapp…
New
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-45505
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
842
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect…
New
|
CWE-200
Information Exposure
|
CVE-2026-45192
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
843
|
6.5 |
MEDIUM
Network
|
apache
|
mina_sshd
|
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to …
New
|
CWE-22
Path Traversal
|
CVE-2026-48827
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
844
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without …
Update
|
CWE-620
Unverified Password Change
|
CVE-2026-5386
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
845
|
8.4 |
HIGH
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6824
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
846
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-5768
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
847
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials …
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-7786
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
848
|
5.7 |
MEDIUM
Adjacent
|
-
|
-
|
The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-40425
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
849
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials.
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42929
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
850
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
The Danelec MacGregor Voyage Data Recorder
device includes a default username and password, with no enforced password change.
Update
|
CWE-1392
Use of Default Credentials
|
CVE-2026-42941
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
