|
431
|
4.3 |
MEDIUM
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user cou…
Update
|
CWE-285
Improper Authorization
|
CVE-2026-40305
|
2026-04-24 23:40 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
432
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, iden…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-35064
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
433
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rath…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-35503
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
434
|
8.1 |
HIGH
Network
|
-
|
-
|
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-39462
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
435
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-40431
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
436
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40620
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
437
|
8.1 |
HIGH
Network
|
-
|
-
|
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inad…
New
|
CWE-862
Missing Authorization
|
CVE-2026-40623
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
438
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability in
SenseLive
X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acc…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40630
|
2026-04-24 23:40 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
439
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att…
New
|
CWE-843
Type Confusion
|
CVE-2026-6732
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
440
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers a…
New
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-1789
|
2026-04-24 23:39 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
