|
391
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to co…
Update
|
CWE-74 CWE-77
Injection Command Injection
|
CVE-2026-7160
|
2026-05-1 03:23 |
2026-04-28 |
|
|
|
|
392
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov…
Update
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow
|
CVE-2026-7151
|
2026-05-1 03:22 |
2026-04-28 |
|
|
|
|
393
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec…
Update
|
CWE-77 CWE-78
Command Injection OS Command
|
CVE-2026-7119
|
2026-05-1 03:22 |
2026-04-27 |
|
|
|
|
394
|
6.1 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-sco…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-7163
|
2026-05-1 03:16 |
2026-04-30 |
|
|
|
|
395
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att…
Update
|
CWE-843
Type Confusion
|
CVE-2026-6732
|
2026-05-1 03:16 |
2026-04-24 |
|
|
|
|
396
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read documentation content from unauthorized vaults via a crafted API request.
…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-6706
|
2026-05-1 03:16 |
2026-04-28 |
|
|
|
|
397
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constrai…
New
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-3833
|
2026-05-1 03:16 |
2026-05-1 |
|
|
|
|
398
|
3.7 |
LOW
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a lo…
New
|
CWE-179
Incorrect Behavior Order: Early Validation
|
CVE-2026-3832
|
2026-05-1 03:16 |
2026-05-1 |
|
|
|
|
399
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in RafyMrX TOKO-ONLINE-ROTI v.1.0 allows a remote attacker to execute arbitrary code via the detail_produk.php component
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-38940
|
2026-05-1 03:16 |
2026-05-1 |
|
|
|
|
400
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product_catalogue.php component
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-38939
|
2026-05-1 03:16 |
2026-05-1 |
|
|
|