|
11
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipu…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11449
|
2026-06-7 12:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument ku…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11448
|
2026-06-7 12:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument devi…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11447
|
2026-06-7 11:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
8.4 |
HIGH
Local
|
-
|
-
|
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-26422
|
2026-06-7 08:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
New
|
-
|
CVE-2026-36229
|
2026-06-7 06:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-36499
|
2026-06-7 05:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation o…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11441
|
2026-06-7 03:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the …
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11440
|
2026-06-7 03:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of th…
New
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-11439
|
2026-06-7 03:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
8.3 |
HIGH
Network
|
-
|
-
|
Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
New
|
CWE-416
Use After Free
|
CVE-2026-11012
|
2026-06-7 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
