|
3191
|
7.5 |
HIGH
Network
|
-
|
-
|
When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would b…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8359
|
2026-05-30 05:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3192
|
7.5 |
HIGH
Network
|
-
|
-
|
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into th…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8360
|
2026-05-30 05:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3193
|
7.5 |
HIGH
Network
|
-
|
-
|
A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome
|
CWE-23
Relative Path Traversal
|
CVE-2026-8361
|
2026-05-30 05:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3194
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-8362
|
2026-05-30 05:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3195
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-8363
|
2026-05-30 05:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3196
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo,…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-8364
|
2026-05-30 05:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3197
|
3.3 |
LOW
Physics
|
-
|
-
|
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul…
|
CWE-415
Double Free
|
CVE-2026-45324
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3198
|
3.3 |
LOW
Local
|
-
|
-
|
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-45613
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3199
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as …
|
CWE-94
CWE-693
CWE-1336
Code Injection
Protection Mechanism Failure
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-45697
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3200
|
- |
|
-
|
-
|
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-47266
|
2026-05-30 05:21 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
