|
2761
|
9.6 |
CRITICAL
Network
|
microsoft
|
partner_center
|
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
|
CWE-284
Improper Access Control
|
CVE-2026-24303
|
2026-04-28 21:11 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2762
|
10.0 |
CRITICAL
Network
|
microsoft
|
entra_id
|
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-35431
|
2026-04-28 21:10 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2763
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tracing: Drain deferred trigger frees if kthread creation fails
Boot-time trigger registration can fail before the trigger-data c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31481
|
2026-04-28 20:38 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2764
|
7.5 |
HIGH
Network
|
-
|
-
|
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-3323
|
2026-04-28 20:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2765
|
6.7 |
MEDIUM
Local
|
-
|
-
|
AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitra…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2026-7280
|
2026-04-28 19:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2766
|
7.8 |
HIGH
Local
|
-
|
-
|
AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code executio…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-7279
|
2026-04-28 19:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2767
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Th…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7244
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2768
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulatio…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7243
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2769
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipul…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7242
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2770
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipula…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7241
|
2026-04-28 18:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
