|
1521
|
9.9 |
CRITICAL
Network
|
-
|
-
|
In Apache Iceberg, the table's metadata files are control files: they tell readers
which data files belong to the table and which table version to read.
`write.metadata.path` is an optional table …
|
CWE-20
CWE-284
CWE-732
CWE-863
Improper Input Validation
Improper Access Control
Incorrect Permission Assignment for Critical Resource
Incorrect Authorization
|
CVE-2026-42812
|
2026-05-6 04:32 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-7791
|
2026-05-6 04:32 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPU…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7682
|
2026-05-6 04:30 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserNam…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7683
|
2026-05-6 04:30 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffe…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7684
|
2026-05-6 04:30 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer ove…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7685
|
2026-05-6 04:30 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
3.7 |
LOW
Network
|
-
|
-
|
A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Si…
|
CWE-345
CWE-347
Insufficient Verification of Data Authenticity
Improper Verification of Cryptographic Signature
|
CVE-2026-7689
|
2026-05-6 04:30 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
7.5 |
HIGH
Network
|
-
|
-
|
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in al…
|
CWE-89
SQL Injection
|
CVE-2026-7649
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wpr_update_form_action_meta` AJAX action in all versio…
|
CWE-862
Missing Authorization
|
CVE-2026-4024
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
7.2 |
HIGH
Network
|
-
|
-
|
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce v…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5324
|
2026-05-6 04:19 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
