|
2881
|
3.8 |
LOW
Network
|
tfa_basic_plugins_project
|
tfa_basic_plugins
|
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users.
This issue affects TFA Basic Plugins…
|
CWE-267
Privilege Defined With Unsafe Actions
|
CVE-2026-6816
|
2026-06-2 02:15 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2882
|
8.8 |
HIGH
Network
|
apache
|
activemq
|
Incorrect Default Permissions vulnerability in Apache ActiveMQ.
This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.
The default Jolokia authorization settings granted non-ad…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-49157
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2883
|
5.9 |
MEDIUM
Network
|
apache
|
activemq
activemq_broker
|
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All.
Brokers that are configured with a network connector with syncDurabl…
|
CWE-1230
Exposure of Sensitive Information Through Metadata
|
CVE-2026-49270
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2884
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
Non-parenthesized discovery wrapp…
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-45505
|
2026-06-2 02:09 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2885
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect…
|
CWE-200
Information Exposure
|
CVE-2026-45192
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2886
|
6.5 |
MEDIUM
Network
|
apache
|
mina_sshd
|
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to …
|
CWE-22
Path Traversal
|
CVE-2026-48827
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2887
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without …
|
CWE-620
Unverified Password Change
|
CVE-2026-5386
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2888
|
8.4 |
HIGH
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6824
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2889
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-7786
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2890
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-5768
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
