|
2491
|
7.1 |
HIGH
Network
|
-
|
-
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit origin (the default wildcard), the CORS Middleware refle…
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-54290
|
2026-06-23 04:49 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2492
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several…
|
CWE-348
Use of Less Trusted Source
|
CVE-2026-54289
|
2026-06-23 04:49 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2493
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-51843
|
2026-06-23 04:45 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2494
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-51844
|
2026-06-23 04:45 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2495
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-51845
|
2026-06-23 04:45 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2496
|
- |
|
-
|
-
|
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, …
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-12602
|
2026-06-23 04:45 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2497
|
- |
|
-
|
-
|
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is a…
|
CWE-200
Information Exposure
|
CVE-2026-7166
|
2026-06-23 04:45 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2498
|
- |
|
-
|
-
|
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of valid…
|
CWE-200
Information Exposure
|
CVE-2026-7167
|
2026-06-23 04:45 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2499
|
- |
|
-
|
-
|
The vulnerability is present in the ‘/addJugador’ endpoint:
* The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior autho…
|
CWE-20
Improper Input Validation
|
CVE-2026-7165
|
2026-06-23 04:45 |
2026-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2500
|
8.8 |
HIGH
Network
|
-
|
-
|
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-25758
|
2026-06-23 04:43 |
2026-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|