|
3911
|
7.5 |
HIGH
Network
|
dbitnet
|
dbit_n300_t1_pro_firmware
|
Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-36957
|
2026-05-5 11:59 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3912
|
5.5 |
MEDIUM
Local
|
redhat
|
multicluster_engine_for_kubernetes
|
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-sco…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-7163
|
2026-05-5 11:57 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3913
|
7.8 |
HIGH
Local
|
qt
|
qtdeclarative
|
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution…
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2025-14576
|
2026-05-5 11:57 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3914
|
5.9 |
MEDIUM
Network
|
perldancer
|
dancer\
|
Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.
The session id is generated from summing the character codepoints of the absolute pathname with the proce…
|
CWE-338
CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generation of Predictable Numbers or Identifiers
|
CVE-2026-5080
|
2026-05-5 11:54 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3915
|
5.3 |
MEDIUM
Network
|
asrmicro
|
asr1901_firmware
asr1903_firmware
|
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/s…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42800
|
2026-05-5 11:54 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3916
|
9.8 |
CRITICAL
Network
|
asrmicro
|
asr1803_firmware
|
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers.
This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C.
This issue affects …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42799
|
2026-05-5 11:53 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3917
|
9.8 |
CRITICAL
Network
|
oppo
|
coloros_assistant
|
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
|
CWE-23
CWE-22
Relative Path Traversal
Path Traversal
|
CVE-2026-22070
|
2026-05-5 11:53 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3918
|
7.5 |
HIGH
Network
|
4d
|
server
|
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja…
|
CWE-611
XXE
|
CVE-2024-39847
|
2026-05-5 11:51 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3919
|
9.8 |
CRITICAL
Network
|
pylixm
|
django-mdeditor
|
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-13030
|
2026-05-5 11:50 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3920
|
4.8 |
MEDIUM
Network
|
gnu
|
wget2
|
wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpos…
|
CWE-20
Improper Input Validation
|
CVE-2026-1858
|
2026-05-5 11:47 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
