|
1591
|
4.9 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai…
|
CWE-862
Missing Authorization
|
CVE-2024-47268
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1592
|
- |
|
-
|
-
|
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-8697
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1593
|
- |
|
-
|
-
|
TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-34126
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1594
|
10.0 |
CRITICAL
Network
|
-
|
-
|
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That ca…
|
CWE-94
Code Injection
|
CVE-2026-43898
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1595
|
7.1 |
HIGH
Network
|
-
|
-
|
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the cu…
|
CWE-471
CWE-749
Modification of Assumed-Immutable Data (MAID)
Exposed Dangerous Method or Function
|
CVE-2026-44798
|
2026-05-29 03:38 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1596
|
4.9 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with adm…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-47269
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1597
|
2.7 |
LOW
Network
|
synology
|
surveillance_station
|
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administra…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-47270
|
2026-05-29 03:38 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1598
|
4.9 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privi…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-47271
|
2026-05-29 03:37 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1599
|
2.7 |
LOW
Network
|
synology
|
surveillance_station
|
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to …
|
CWE-863
Incorrect Authorization
|
CVE-2024-47272
|
2026-05-29 03:37 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1600
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Da…
|
CWE-20
CWE-209
Improper Input Validation
Information Exposure Through an Error Message
|
CVE-2026-42459
|
2026-05-29 03:35 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
