| 1621 | 6.3 | MEDIUM | Network | - | - | A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the arg… | CWE-77 CWE-78 | Command Injection OS Command | CVE-2026-9531 | 2026-05-29 02:16 | 2026-05-26 |
| 1622 | 8.8 | HIGH | Network | - | - | A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer o… | CWE-119 CWE-121 | Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow | CVE-2026-9482 | 2026-05-29 02:16 | 2026-05-26 |
| 1623 | 7.5 | HIGH | Network | - | - | Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to es… | CWE-22 | Path Traversal | CVE-2026-48544 | 2026-05-29 02:16 | 2026-05-28 |
| 1624 | 6.5 | MEDIUM | Network | - | - | OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the … | CWE-89 | SQL Injection | CVE-2026-38930 | 2026-05-29 02:16 | 2026-05-28 |
| 1625 | 7.3 | HIGH | Network | - | - | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php. | CWE-94 | Code Injection | CVE-2026-37713 | 2026-05-29 02:16 | 2026-05-28 |
| 1626 | 7.3 | HIGH | Network | - | - | An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in fun… | CWE-94 | Code Injection | CVE-2026-37712 | 2026-05-29 02:16 | 2026-05-28 |
| 1627 | 5.5 | MEDIUM | Local | libusb | libusb | libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla… | CWE-125 | Out-of-bounds Read | CVE-2026-23679 | 2026-05-29 02:16 | 2026-05-27 |
| 1628 | 5.5 | MEDIUM | Local | - | - | SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mec… | CWE-285 CWE-287 | Improper Authorization Improper Authentication | CVE-2025-68712 | 2026-05-29 02:16 | 2026-05-28 |
| 1629 | 6.6 | MEDIUM | Network | jenkins | active_directory | Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation. | CWE-502 | Deserialization of Untrusted Data | CVE-2026-48919 | 2026-05-29 02:14 | 2026-05-28 |
| 1630 | 8.8 | HIGH | Network | jenkins | email_extension | Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c… | CWE-73 | External Control of File Name or Path | CVE-2026-48920 | 2026-05-29 02:14 | 2026-05-28 |