|
2231
|
7.5 |
HIGH
Network
|
-
|
-
|
Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML files from .tar.gz archives using etree.fromstring() without disabli…
|
CWE-776
XML Entity Expansion
|
CVE-2026-31248
|
2026-05-14 00:47 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2232
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-32661
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2233
|
7.8 |
HIGH
Local
|
-
|
-
|
Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer,…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44612
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2234
|
6.5 |
MEDIUM
Network
|
-
|
-
|
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-25107
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2235
|
7.2 |
HIGH
Network
|
-
|
-
|
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary …
|
CWE-78
OS Command
|
CVE-2026-35506
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2236
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-40621
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2237
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authenticati…
|
CWE-78
OS Command
|
CVE-2026-42062
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2238
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another adminis…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42948
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2239
|
4.3 |
MEDIUM
Network
|
-
|
-
|
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may be…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-42950
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2240
|
4.3 |
MEDIUM
Network
|
-
|
-
|
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to…
|
CWE-344
Use of Invariant Value in Dynamically Changing Context
|
CVE-2026-42961
|
2026-05-14 00:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
