|
4511
|
6.2 |
MEDIUM
Local
|
mercurycom
|
mipc252w_firmware
|
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication paramete…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2026-35902
|
2026-05-5 22:40 |
2026-04-28 |
|
4512
|
9.8 |
CRITICAL
Network
|
mercurycom
|
mipc252w_firmware
|
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, …
|
CWE-287
Improper Authentication
|
CVE-2026-35903
|
2026-05-5 22:39 |
2026-04-28 |
|
4513
|
7.2 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file /cgi/iux_set.cgi of the component ApplyRestore Endpoint. This manipulatio…
|
CWE-74 CWE-77
Injection Command Injection
|
CVE-2026-7833
|
2026-05-5 22:16 |
2026-05-5 |
|
4514
|
7.0 |
HIGH
Local
|
-
|
-
|
A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attackin…
|
CWE-59 CWE-61
Link Following UNIX Symbolic Link (Symlink) Following
|
CVE-2026-7832
|
2026-05-5 22:16 |
2026-05-5 |
|
4515
|
8.7 |
HIGH
Network
|
-
|
-
|
Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that are affected are 1.0.1-1.0.156. Easily exploitable vulner…
|
CWE-89
SQL Injection
|
CVE-2026-35228
|
2026-05-5 22:16 |
2026-05-5 |
|
4516
|
8.8 |
HIGH
Network
|
sailpoint
|
identityiq
|
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned…
|
CWE-863
Incorrect Authorization
|
CVE-2026-5712
|
2026-05-5 21:48 |
2026-04-30 |
|
4517
|
7.1 |
HIGH
Local
|
dell
|
dell\/alienware_purchased_apps
|
Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
|
CWE-59
Link Following
|
CVE-2026-27105
|
2026-05-5 21:37 |
2026-04-30 |
|
4518
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 28.4. This is due to the upload_icons() function workflow using a user-controlled upload pat…
|
CWE-22
Path Traversal
|
CVE-2026-6262
|
2026-05-5 21:16 |
2026-05-5 |
|
4519
|
8.8 |
HIGH
Network
|
-
|
-
|
The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the upload_icons() function workflow moving and unzipping user-controlled…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-6261
|
2026-05-5 21:16 |
2026-05-5 |
|
4520
|
7.5 |
HIGH
Network
|
-
|
-
|
OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that accepts oversized frames without proper validation. Remote attacke…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42437
|
2026-05-5 21:16 |
2026-05-5 |
|