|
241
|
9.8 |
CRITICAL
Network
|
-
|
-
|
T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.
Update
|
CWE-259
Use of Hard-coded Password
|
CVE-2026-35905
|
2026-06-9 00:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via …
Update
|
CWE-284
Improper Access Control
|
CVE-2026-35904
|
2026-06-9 00:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
8.4 |
HIGH
Local
|
-
|
-
|
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-26422
|
2026-06-9 00:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
4.8 |
MEDIUM
Network
|
-
|
-
|
QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG f…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-25558
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/c…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11521
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
3.5 |
LOW
Network
|
-
|
-
|
A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It i…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11520
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the comp…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11519
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-11518
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupNam…
New
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-11517
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
3.5 |
LOW
Network
|
-
|
-
|
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a ma…
New
|
CWE-74
CWE-80
Injection
Basic XSS
|
CVE-2026-11511
|
2026-06-9 00:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
