|
1051
|
- |
|
-
|
-
|
The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized acti…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23928
|
2026-05-7 23:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1052
|
5.2 |
MEDIUM
Local
|
-
|
-
|
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traver…
|
CWE-269
Improper Privilege Management
|
CVE-2026-40001
|
2026-05-7 23:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1053
|
6.3 |
MEDIUM
Local
|
-
|
-
|
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hard…
|
CWE-1241
Use of Predictable Algorithm in Random Number Generator
|
CVE-2026-6420
|
2026-05-7 23:56 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1054
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, hold…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6863
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1055
|
5.1 |
MEDIUM
Physics
|
-
|
-
|
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-40003
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1056
|
5.5 |
MEDIUM
Physics
|
-
|
-
|
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-40004
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1057
|
7.5 |
HIGH
Network
|
-
|
-
|
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects.
Spring C…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40981
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1058
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially cra…
|
CWE-22
Path Traversal
|
CVE-2026-40982
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1059
|
7.2 |
HIGH
Local
|
-
|
-
|
The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks.
Spring …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41002
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1060
|
4.4 |
MEDIUM
Local
|
-
|
-
|
When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs.
Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrad…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41004
|
2026-05-7 23:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
