|
631
|
8.1 |
HIGH
Network
|
-
|
-
|
The
iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to del…
|
CWE-22
Path Traversal
|
CVE-2026-11846
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
632
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The
iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create direc…
|
CWE-22
Path Traversal
|
CVE-2026-11847
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
633
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain par…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-11848
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
634
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The
iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain adminis…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-11849
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
635
|
- |
|
-
|
-
|
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified b…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-11879
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
636
|
- |
|
-
|
-
|
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because t…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-11967
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
637
|
- |
|
-
|
-
|
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login cred…
|
CWE-257
Storing Passwords in a Recoverable Format
|
CVE-2026-1836
|
2026-06-13 01:00 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
638
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell o…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-53806
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
639
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke a…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53807
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
640
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuratio…
|
CWE-863
Incorrect Authorization
|
CVE-2026-53808
|
2026-06-13 00:58 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
