|
2471
|
4.3 |
MEDIUM
Physics
|
-
|
-
|
Weak authentication between the Wireless Control Module (WCM) and the Engine Control Module (ECM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with…
|
CWE-327
CWE-798
CWE-1390
Use of a Broken or Risky Cryptographic Algorithm
Use of Hard-coded Credentials
Weak Authentication
|
CVE-2026-49323
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2472
|
4.3 |
MEDIUM
Physics
|
-
|
-
|
Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to…
|
CWE-294
CWE-327
CWE-1390
Authentication Bypass by Capture-replay
Use of a Broken or Risky Cryptographic Algorithm
Weak Authentication
|
CVE-2026-49322
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2473
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses i…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-45041
|
2026-05-30 00:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2474
|
9.8 |
CRITICAL
Network
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The functi…
|
CWE-798
CWE-1392
Use of Hard-coded Credentials
Use of Default Credentials
|
CVE-2026-45039
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2475
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing dest…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45042
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2476
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-45044
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2477
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi…
|
CWE-306
CWE-346
CWE-942
Missing Authentication for Critical Function
Origin Validation Error
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-46685
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2478
|
- |
|
-
|
-
|
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic…
|
CWE-200
CWE-306
Information Exposure
Missing Authentication for Critical Function
|
CVE-2026-47136
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2479
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu…
|
CWE-79
Cross-site Scripting
|
CVE-2026-41897
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2480
|
- |
|
-
|
-
|
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42070
|
2026-05-30 00:11 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
