|
681
|
7.5 |
HIGH
Network
|
honeywell
|
control_network_module_firmware
|
Honeywell Control
Network Module (CNM) contains
insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing
system files, potentially…
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-5434
|
2026-05-22 23:38 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
682
|
9.1 |
CRITICAL
Network
|
honeywell
|
control_network_module_firmware
|
Honeywell Control
Network Module (CNM) contains command injection vulnerability
in the web interface. An attacker could exploit this vulnerability via command
delimiters, potentially resulting in Rem…
|
CWE-77
Command Injection
|
CVE-2026-5433
|
2026-05-22 23:38 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
683
|
8.1 |
HIGH
Network
|
nvidia
|
dgx_os
|
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cr…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-24218
|
2026-05-22 23:35 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
684
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-34930
|
2026-05-22 22:39 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
685
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-34929
|
2026-05-22 22:38 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
686
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different…
|
CWE-346
Origin Validation Error
|
CVE-2026-34928
|
2026-05-22 22:37 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
687
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to …
|
CWE-346
Origin Validation Error
|
CVE-2026-34927
|
2026-05-22 22:31 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
688
|
6.7 |
MEDIUM
Local
|
trendmicro
|
apex_one
|
A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents…
|
CWE-23
Relative Path Traversal
|
CVE-2026-34926
|
2026-05-22 21:47 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
689
|
9.8 |
CRITICAL
Network
|
apache
|
fory
|
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resol…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-48207
|
2026-05-22 21:40 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
690
|
- |
|
-
|
-
|
STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authen…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-25608
|
2026-05-22 19:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
