|
3851
|
8.1 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
Apache ActiveMQ Classic exposes th…
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-42588
|
2026-06-2 02:06 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3852
|
5.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10517
|
2026-06-2 01:57 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3853
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that a…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-24444
|
2026-06-2 01:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3854
|
7.5 |
HIGH
Network
|
-
|
-
|
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attack…
|
CWE-36
Absolute Path Traversal
|
CVE-2026-10044
|
2026-06-2 01:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3855
|
7.5 |
HIGH
Network
|
-
|
-
|
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attac…
|
CWE-256
Plaintext Storage of a Password
|
CVE-2018-25396
|
2026-06-2 01:55 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3856
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules…
|
CWE-22
Path Traversal
|
CVE-2018-25421
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3857
|
8.2 |
HIGH
Network
|
-
|
-
|
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attacke…
|
CWE-89
SQL Injection
|
CVE-2018-25422
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3858
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25423
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3859
|
8.2 |
HIGH
Network
|
-
|
-
|
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters.…
|
CWE-89
SQL Injection
|
CVE-2018-25424
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3860
|
8.2 |
HIGH
Network
|
-
|
-
|
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers …
|
CWE-89
SQL Injection
|
CVE-2018-25425
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
