|
1661
|
7.5 |
HIGH
Network
|
-
|
-
|
In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforce…
|
CWE-862
Missing Authorization
|
CVE-2026-33359
|
2026-05-14 00:36 |
2026-05-12 |
|
1662
|
7.5 |
HIGH
Network
|
-
|
-
|
In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related white-label apps (<= 1.8.x), baby monitor ".jpgx3" files use reversi…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2026-33361
|
2026-05-14 00:36 |
2026-05-12 |
|
1663
|
8.6 |
HIGH
Network
|
-
|
-
|
In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x (latest observed), multiple security-critical secrets are hardcoded an…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-33362
|
2026-05-14 00:36 |
2026-05-12 |
|
1664
|
8.4 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher throu…
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-25705
|
2026-05-14 00:35 |
2026-05-13 |
|
1665
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on …
|
CWE-863
Incorrect Authorization
|
CVE-2026-41050
|
2026-05-14 00:35 |
2026-05-13 |
|
1666
|
- |
|
-
|
-
|
The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g. a compromised plasmalogin service account can chown() arbitrary files in the sy…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-25710
|
2026-05-14 00:35 |
2026-05-13 |
|
1667
|
- |
|
-
|
-
|
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44931
|
2026-05-14 00:35 |
2026-05-13 |
|
1668
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim…
|
CWE-79
Cross-site Scripting
|
CVE-2026-23819
|
2026-05-14 00:35 |
2026-05-13 |
|
1669
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environme…
|
CWE-78
OS Command
|
CVE-2026-23820
|
2026-05-14 00:35 |
2026-05-13 |
|
1670
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Su…
|
CWE-78
OS Command
|
CVE-2026-23821
|
2026-05-14 00:35 |
2026-05-13 |