|
111
|
- |
|
-
|
-
|
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…
New
|
CWE-772
CWE-775
Missing Release of Resource after Effective Lifetime
Missing Release of File Descriptor or Handle after Effective Lifetime
|
CVE-2026-45287
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
- |
|
-
|
-
|
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via …
New
|
-
|
CVE-2026-35904
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
- |
|
-
|
-
|
T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.
New
|
-
|
CVE-2026-35905
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
9.6 |
CRITICAL
Network
|
-
|
-
|
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HT…
New
|
CWE-78
OS Command
|
CVE-2026-35906
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
8.8 |
HIGH
Network
|
-
|
-
|
Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects WriteUp Mo…
New
|
CWE-284
CWE-862
Improper Access Control
Missing Authorization
|
CVE-2026-5228
|
2026-06-5 01:23 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
9.9 |
CRITICAL
Network
|
-
|
-
|
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-41283
|
2026-06-5 01:21 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
- |
|
-
|
-
|
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the applica…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-10868
|
2026-06-5 01:20 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
8.8 |
HIGH
Network
|
-
|
-
|
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but the route does not enforc…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-43985
|
2026-06-5 01:20 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-30586
|
2026-06-5 01:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
5.0 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ex function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS)…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60477
|
2026-06-5 01:18 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
