|
1211
|
5.9 |
MEDIUM
Network
|
perldancer
|
dancer
|
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.
The session id is generated from summing the character codepoints of the absolute pathname with the proce…
Update
|
CWE-338 CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG); Generation of Predictable Numbers or Identifiers
|
CVE-2026-5080
|
2026-05-5 11:54 |
2026-04-30 |
|
1212
|
5.3 |
MEDIUM
Network
|
asrmicro
|
asr1901_firmware asr1903_firmware
|
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/s…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42800
|
2026-05-5 11:54 |
2026-04-30 |
|
1213
|
9.8 |
CRITICAL
Network
|
asrmicro
|
asr1803_firmware
|
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers.
This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C.
This issue affects …
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42799
|
2026-05-5 11:53 |
2026-04-30 |
|
1214
|
9.8 |
CRITICAL
Network
|
oppo
|
coloros_assistant
|
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
Update
|
CWE-23 CWE-22
Relative Path Traversal; Path Traversal
|
CVE-2026-22070
|
2026-05-5 11:53 |
2026-04-30 |
|
1215
|
7.5 |
HIGH
Network
|
4d
|
server
|
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja…
Update
|
CWE-611
XXE
|
CVE-2024-39847
|
2026-05-5 11:51 |
2026-04-30 |
|
1216
|
9.8 |
CRITICAL
Network
|
pylixm
|
django-mdeditor
|
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-13030
|
2026-05-5 11:50 |
2026-04-30 |
|
1217
|
4.8 |
MEDIUM
Network
|
gnu
|
wget2
|
wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpos…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-1858
|
2026-05-5 11:47 |
2026-04-30 |
|
1218
|
9.8 |
CRITICAL
Network
|
tenda
|
w3002r_firmware a302_firmware w309r_firmware
|
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25317
|
2026-05-5 11:46 |
2026-04-30 |
|
1219
|
8.8 |
HIGH
Network
|
geovision
|
gv-lpc2011_firmware gv-lpc2211_firmware
|
An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An…
New
|
CWE-78
OS Command
|
CVE-2026-42364
|
2026-05-5 11:45 |
2026-05-4 |
|
1220
|
6.5 |
MEDIUM
Network
|
geovision
|
gv-lpc2011_firmware gv-lpc2211_firmware
|
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42367
|
2026-05-5 11:45 |
2026-05-4 |