|
891
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assig…
New
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2026-9219
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
892
|
- |
|
-
|
-
|
HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the RSS feed import functionality. The function get_feed() in system/admin/admin.php passes user-supplied $feed_url directly…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-57940
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
893
|
7.7 |
HIGH
Network
|
-
|
-
|
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.
New
|
CWE-551
|
CVE-2026-57920
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
894
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths.
New
|
CWE-22
Path Traversal
|
CVE-2026-56445
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
895
|
7.8 |
HIGH
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iterative…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-55693
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
896
|
7.3 |
HIGH
Network
|
-
|
-
|
The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predi…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-54479
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
897
|
- |
|
-
|
-
|
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebr…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-54097
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
898
|
7.5 |
HIGH
Network
|
-
|
-
|
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks o…
New
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-50176
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
899
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-44622
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|
|
900
|
9.4 |
CRITICAL
Network
|
-
|
-
|
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensiti…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40702
|
2026-06-26 23:17 |
2026-06-26 |
|
|
|