|
1791
|
9.1 |
CRITICAL
Network
|
honeywell
|
control_network_module_firmware
|
Honeywell Control
Network Module (CNM) contains command injection vulnerability
in the web interface. An attacker could exploit this vulnerability via command
delimiters, potentially resulting in Rem…
|
CWE-77
Command Injection
|
CVE-2026-5433
|
2026-05-22 23:38 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1792
|
8.1 |
HIGH
Network
|
nvidia
|
dgx_os
|
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cr…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-24218
|
2026-05-22 23:35 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1793
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-34930
|
2026-05-22 22:39 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1794
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-34929
|
2026-05-22 22:38 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1795
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-34928
|
2026-05-22 22:37 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1796
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to …
|
CWE-346
Origin Validation Error
|
CVE-2026-34927
|
2026-05-22 22:31 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1797
|
6.7 |
MEDIUM
Local
|
trendmicro
|
apex_one
|
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents…
|
CWE-23
Relative Path Traversal
|
CVE-2026-34926
|
2026-05-22 21:47 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1798
|
9.8 |
CRITICAL
Network
|
apache
|
fory
|
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48207
|
2026-05-22 21:40 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1799
|
- |
|
-
|
-
|
STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authen…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-25608
|
2026-05-22 19:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1800
|
- |
|
-
|
-
|
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded.
This issue was fixed in version…
|
CWE-261
Weak Encoding for Password
|
CVE-2026-25607
|
2026-05-22 19:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
