|
2641
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the brow…
|
CWE-79
Cross-site Scripting
|
CVE-2026-4293
|
2026-05-21 02:30 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2642
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An undocumented configuration export port is accessible on some models
of ZKTeco CCTV cameras. This port does not require authentication and
exposes critical information about the camera such as op…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-8598
|
2026-05-21 02:30 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2643
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-20171
|
2026-05-21 02:30 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2644
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the roo…
|
CWE-74
Injection
|
CVE-2026-20199
|
2026-05-21 02:30 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2645
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the Browse…
|
CWE-78
OS Command
|
CVE-2026-20206
|
2026-05-21 02:30 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2646
|
10.0 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the S…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-20223
|
2026-05-21 02:30 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2647
|
7.5 |
HIGH
Network
|
nvidia
|
triton_inference_server
|
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
|
CWE-22
Path Traversal
|
CVE-2026-24208
|
2026-05-21 02:29 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2648
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34645
|
2026-05-21 02:28 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2649
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b…
|
CWE-863
Incorrect Authorization
|
CVE-2026-34646
|
2026-05-21 02:28 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2650
|
7.4 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34647
|
2026-05-21 02:28 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
