|
3181
|
5.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.
|
CWE-693
Protection Mechanism Failure
|
CVE-2025-52609
|
2026-06-5 03:34 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3182
|
4.3 |
MEDIUM
Network
|
hcltech
|
icontrol
|
HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Spec…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2025-52611
|
2026-06-5 03:34 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3183
|
8.8 |
HIGH
Network
|
hcltech
|
icontrol
|
HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input param…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2025-52612
|
2026-06-5 03:32 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3184
|
5.4 |
MEDIUM
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-44611
|
2026-06-5 03:30 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3185
|
5.4 |
MEDIUM
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
An authenticated
user can download a backup of the Danelec MacGregor Voyage Data Recorder
device which includes account data and password hashes.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42951
|
2026-06-5 03:30 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3186
|
8.3 |
HIGH
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
The Danelec MacGregor Voyage Data Recorder
device includes a default username and password, with no enforced password change.
|
CWE-1392
Use of Default Credentials
|
CVE-2026-42941
|
2026-06-5 03:27 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3187
|
8.3 |
HIGH
Adjacent
|
macgregor
|
interschalt_vdr_g4e_firmware
|
Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42929
|
2026-06-5 03:26 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3188
|
3.6 |
LOW
Local
|
lfprojects
|
mlflow
|
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipu…
|
CWE-327
CWE-328
Use of a Broken or Risky Cryptographic Algorithm
Use of Weak Hash
|
CVE-2026-10803
|
2026-06-5 03:24 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3189
|
2.2 |
LOW
Network
|
-
|
-
|
In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has "network:" at the beginning ("n…
|
CWE-863
Incorrect Authorization
|
CVE-2026-50266
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3190
|
7.4 |
HIGH
Network
|
-
|
-
|
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-44393
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
