|
2951
|
6.3 |
MEDIUM
Network
|
vivotek
|
fd8136_firmware
|
A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-35717
|
2026-06-4 03:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2952
|
7.3 |
HIGH
Network
|
vivotek
|
fd8136_firmware
|
Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-30649
|
2026-06-4 03:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2953
|
8.8 |
HIGH
Network
|
vivotek
|
fd8136_firmware
|
A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-03…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-30650
|
2026-06-4 03:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2954
|
8.8 |
HIGH
Network
|
vivotek
|
fd8136_firmware
|
A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an …
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-30652
|
2026-06-4 03:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2955
|
6.3 |
MEDIUM
Network
|
vivotek
|
fd8136_firmware
|
A stack-based buffer overflow in the motion_privacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-35716
|
2026-06-4 03:40 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2956
|
6.5 |
MEDIUM
Network
|
vivotek
|
fd8136_firmware
|
A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted …
|
CWE-22
Path Traversal
|
CVE-2026-35718
|
2026-06-4 03:39 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2957
|
9.9 |
CRITICAL
Network
|
oracle
|
rest_data_services
|
Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network acc…
|
CWE-400
CWE-284
Uncontrolled Resource Consumption
Improper Access Control
|
CVE-2026-46775
|
2026-06-4 03:35 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2958
|
9.6 |
CRITICAL
Network
|
jpettitt
|
meshcore_card
|
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect …
|
CWE-79
Cross-site Scripting
|
CVE-2026-45323
|
2026-06-4 03:34 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2959
|
4.3 |
MEDIUM
Network
|
redhat
|
build_of_keycloak
|
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Conne…
|
CWE-863
Incorrect Authorization
|
CVE-2026-9791
|
2026-06-4 03:28 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2960
|
7.5 |
HIGH
Network
|
redhat
|
build_of_keycloak
|
A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-9793
|
2026-06-4 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
