|
21
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
New
|
CWE-843
Type Confusion
|
CVE-2026-10702
|
2026-06-5 03:38 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
5.3 |
MEDIUM
Network
|
openquantumsafe
|
liboqs
|
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT …
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-46344
|
2026-06-5 03:38 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
5.3 |
MEDIUM
Network
|
openquantumsafe
|
liboqs
|
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT …
Update
|
CWE-20
CWE-125
Improper Input Validation
Out-of-bounds Read
|
CVE-2026-44518
|
2026-06-5 03:36 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
5.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-52609
|
2026-06-5 03:34 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Spec…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-52611
|
2026-06-5 03:34 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
8.8 |
HIGH
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input param…
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2025-52612
|
2026-06-5 03:32 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
5.4 |
MEDIUM
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Update
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-44611
|
2026-06-5 03:30 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
5.4 |
MEDIUM
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
An authenticated
user can download a backup of the Danelec MacGregor Voyage Data Recorder
device which includes account data and password hashes.
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42951
|
2026-06-5 03:30 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
8.3 |
HIGH
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
The Danelec MacGregor Voyage Data Recorder
device includes a default username and password, with no enforced password change.
Update
|
CWE-1392
Use of Default Credentials
|
CVE-2026-42941
|
2026-06-5 03:27 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
8.3 |
HIGH
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials.
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42929
|
2026-06-5 03:26 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
