|
231
|
- |
|
-
|
-
|
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name …
New
|
CWE-22
Path Traversal
|
CVE-2026-49233
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
232
|
- |
|
-
|
-
|
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously …
New
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-49232
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
233
|
- |
|
-
|
-
|
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot…
New
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-43974
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
234
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5,…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-43973
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
235
|
- |
|
-
|
-
|
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority.
In gun_http2:push_promise_frame/7, the :…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-43972
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
236
|
7.5 |
HIGH
Network
|
-
|
-
|
bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service.
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-38570
|
2026-06-9 00:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
237
|
- |
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulne…
New
|
-
|
CVE-2026-36789
|
2026-06-9 00:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
238
|
9.8 |
CRITICAL
Network
|
-
|
-
|
GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.
Update
|
CWE-328
Use of Weak Hash
|
CVE-2026-36182
|
2026-06-9 00:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
239
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot sessi…
Update
|
-
|
CVE-2026-36180
|
2026-06-9 00:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
240
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtai…
Update
|
CWE-256
Plaintext Storage of a Password
|
CVE-2026-36174
|
2026-06-9 00:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
