|
881
|
7.5 |
HIGH
Network
|
-
|
-
|
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption
New
|
CWE-200
Information Exposure
|
CVE-2026-37454
|
2026-06-27 00:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
882
|
7.5 |
HIGH
Network
|
-
|
-
|
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSI_SERVICE_2 pipe
New
|
CWE-200
Information Exposure
|
CVE-2026-37453
|
2026-06-27 00:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
883
|
7.5 |
HIGH
Network
|
-
|
-
|
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component
New
|
CWE-200
Information Exposure
|
CVE-2026-37452
|
2026-06-27 00:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
884
|
7.7 |
HIGH
Local
|
-
|
-
|
GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 was discovered to contain a SQL injection vulnerability in the scost parameter in /grocery/search_products.php. This vulnerability …
New
|
CWE-89
SQL Injection
|
CVE-2026-37149
|
2026-06-27 00:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
885
|
- |
|
-
|
-
|
FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-23513
|
2026-06-27 00:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
886
|
6.5 |
MEDIUM
Network
|
-
|
-
|
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-57914
|
2026-06-26 23:51 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
887
|
- |
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6.
User…
New
|
CWE-22
Path Traversal
|
CVE-2025-55017
|
2026-06-26 23:51 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
888
|
- |
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7.
User…
New
|
CWE-22
Path Traversal
|
CVE-2025-64152
|
2026-06-26 23:51 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
889
|
7.8 |
HIGH
Local
|
mmaitre314
|
picklescan
|
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2025-71348
|
2026-06-26 23:46 |
2026-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
890
|
7.5 |
HIGH
Network
|
-
|
-
|
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allo…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-9220
|
2026-06-26 23:17 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
