|
3411
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect…
|
CWE-200
Information Exposure
|
CVE-2026-45192
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3412
|
6.5 |
MEDIUM
Network
|
apache
|
mina_sshd
|
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to …
|
CWE-22
Path Traversal
|
CVE-2026-48827
|
2026-06-2 02:08 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3413
|
9.1 |
CRITICAL
Network
|
-
|
-
|
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without …
|
CWE-620
Unverified Password Change
|
CVE-2026-5386
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3414
|
8.4 |
HIGH
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6824
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3415
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-7786
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3416
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-5768
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3417
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.
A logic error in the address…
|
CWE-823
Use of Out-of-range Pointer Offset
|
CVE-2026-34193
|
2026-06-2 02:07 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3418
|
- |
|
-
|
-
|
In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable
remote code execution on Poly Voice products on the Linux p…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0826
|
2026-06-2 02:07 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3419
|
4.3 |
MEDIUM
Network
|
apache
|
activemq
activemq_broker
|
Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions.
This issue affects Apa…
|
CWE-285
Improper Authorization
|
CVE-2026-46605
|
2026-06-2 02:07 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3420
|
7.5 |
HIGH
Network
|
-
|
-
|
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote a…
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-10056
|
2026-06-2 02:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
