|
1381
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted
archives to be accepted, enabling attackers to plant and execute code
and obtain a reverse shell.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-35546
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1382
|
8.8 |
HIGH
Network
|
-
|
-
|
Anviz CX2 Lite is vulnerable to an authenticated command injection via a
filename parameter that enables arbitrary command execution (e.g.,
starting telnetd), resulting in root‑level access.
|
CWE-77
Command Injection
|
CVE-2026-35682
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1383
|
8.8 |
HIGH
Network
|
-
|
-
|
Anviz CX2 Lite and CX7 accept uploaded update packages without verifying them. The
device unpacks the package and executes a script, resulting in unauthenticated remote
code execution.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-40066
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1384
|
8.1 |
HIGH
Adjacent
|
-
|
-
|
Anviz CrossChex Standard
lacks source verification in the client/server channel, enabling TCP
packet injection by an attacker on the same network to alter or disrupt
application traffic.
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2026-40434
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1385
|
7.5 |
HIGH
Network
|
-
|
-
|
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug
settings (e.g., enabling SSH), allowing unauthorized state changes that
can facilitate later compromise.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40461
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1386
|
7.8 |
HIGH
Local
|
-
|
-
|
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_pa…
|
CWE-78
OS Command
|
CVE-2026-40527
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1387
|
6.9 |
MEDIUM
Local
|
-
|
-
|
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conduct…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-41253
|
2026-04-21 04:05 |
2026-04-18 |
|
|
|
|
1388
|
8.2 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes s…
|
CWE-119 CWE-787
Incorrect Access of Indexable Resource ('Range Error'); Out-of-bounds Write
|
CVE-2026-27890
|
2026-04-21 04:03 |
2026-04-18 |
|
|
|
|
1389
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared stru…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28212
|
2026-04-21 04:03 |
2026-04-18 |
|
|
|
|
1390
|
- |
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when …
|
CWE-190 CWE-835
Integer Overflow or Wraparound; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-28214
|
2026-04-21 04:03 |
2026-04-18 |
|
|
|