|
391
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7457
|
2026-05-6 22:06 |
2026-05-6 |
|
392
|
7.5 |
HIGH
Network
|
-
|
-
|
The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of su…
New
|
CWE-89
SQL Injection
|
CVE-2026-1719
|
2026-05-6 22:06 |
2026-05-6 |
|
393
|
10.0 |
CRITICAL
Network
|
vm2_project
|
vm2
|
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.
New
|
CWE-94, CWE-693
Code Injection, Protection Mechanism Failure
|
CVE-2026-26332
|
2026-05-6 21:24 |
2026-05-5 |
|
394
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-605l_firmware
|
D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42372
|
2026-05-6 21:20 |
2026-05-5 |
|
395
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-605l_firmware
|
D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42373
|
2026-05-6 21:19 |
2026-05-5 |
|
396
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600l_firmware
|
D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42374
|
2026-05-6 21:18 |
2026-05-5 |
|
397
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600l_firmware
|
D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42375
|
2026-05-6 21:17 |
2026-05-5 |
|
398
|
- |
|
-
|
-
|
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image.
When processing SVG marker references, the renderer retrieves a node by its id at…
New
|
CWE-122, CWE-843
Heap-based Buffer Overflow, Type Confusion
|
CVE-2026-6210
|
2026-05-6 21:16 |
2026-05-6 |
|
399
|
2.7 |
LOW
Network
|
-
|
-
|
HCL BigFix RunBookAI is affected by a Continued Availability of Less-Secure “Input Text” vulnerability. A component contains a security weakness in its input handling implementation, increasing the …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2025-62345
|
2026-05-6 21:16 |
2026-05-6 |
|
400
|
8.8 |
HIGH
Network
|
-
|
-
|
HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma…
New
|
CWE-77, CWE-351, CWE-451
Command Injection, Insufficient Type Distinction, User Interface (UI) Misrepresentation of Critical Information
|
CVE-2025-31951
|
2026-05-6 21:16 |
2026-05-6 |