|
1191
|
7.0 |
HIGH
Network
|
-
|
-
|
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
|
CWE-284
Improper Access Control
|
CVE-2026-5788
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1192
|
7.2 |
HIGH
Network
|
-
|
-
|
An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
|
CWE-20
Improper Input Validation
|
CVE-2026-6973
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1193
|
7.4 |
HIGH
Network
|
-
|
-
|
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-7821
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1194
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or r…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-7414
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1195
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetr…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-7415
|
2026-05-8 03:46 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1196
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activiti…
|
CWE-79
Cross-site Scripting
|
CVE-2026-36341
|
2026-05-8 03:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1197
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanit…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-36387
|
2026-05-8 03:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1198
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker (patient) to …
|
CWE-79
Cross-site Scripting
|
CVE-2026-36388
|
2026-05-8 03:45 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1199
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Drain commands in target_reset handler
tcm_loop_target_reset() violates the SCSI EH contract: it returns …
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-43054
|
2026-05-8 03:28 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1200
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfs: close crash window in attr dabtree inactivation
When inactivating an inode with node-format extended attributes,
xfs_attr3_n…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-43053
|
2026-05-8 03:24 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
