|
4411
|
- |
|
-
|
-
|
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized s…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-49200
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4412
|
- |
|
-
|
-
|
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating pers…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-49201
|
2026-05-29 23:46 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4413
|
7.5 |
HIGH
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk pat…
|
CWE-22
Path Traversal
|
CVE-2026-49128
|
2026-05-29 23:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4414
|
8.2 |
HIGH
Network
|
-
|
-
|
phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verificatio…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-35675
|
2026-05-29 23:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4415
|
6.5 |
MEDIUM
Network
|
apache
|
ignite
|
Relative Path Traversal vulnerability in Apache Ignite REST API.
Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way.
This iss…
|
CWE-23
Relative Path Traversal
|
CVE-2025-48977
|
2026-05-29 23:11 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4416
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier…
|
CWE-77
Command Injection
|
CVE-2026-38702
|
2026-05-29 23:09 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4417
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier…
|
CWE-77
Command Injection
|
CVE-2026-38703
|
2026-05-29 23:09 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4418
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ve…
|
CWE-77
Command Injection
|
CVE-2026-38707
|
2026-05-29 23:08 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4419
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlie…
|
CWE-77
Command Injection
|
CVE-2026-38704
|
2026-05-29 23:08 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4420
|
8.6 |
HIGH
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt st…
|
CWE-193
Off-by-one Error
|
CVE-2026-49127
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
