|
3661
|
9.8 |
CRITICAL
Network
|
litespeedtech
|
litespeed_cpanel_plugin litespeed_whm_plugin
|
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpanel_jsona…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-48172
|
2026-05-27 05:19 |
2026-05-21 |
|
3662
|
7.5 |
HIGH
Network
|
-
|
-
|
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST req…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2018-25358
|
2026-05-27 05:16 |
2026-05-24 |
|
3663
|
8.2 |
HIGH
Network
|
-
|
-
|
code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP hea…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8890
|
2026-05-27 05:16 |
2026-05-27 |
|
3664
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2026-8453
|
2026-05-27 05:16 |
2026-05-27 |
|
3665
|
3.1 |
LOW
Network
|
-
|
-
|
TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user a…
|
CWE-639 CWE-862
Authorization Bypass Through User-Controlled Key Missing Authorization
|
CVE-2026-39967
|
2026-05-27 05:16 |
2026-05-23 |
|
3666
|
- |
|
-
|
-
|
A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-6059
|
2026-05-27 05:14 |
2026-05-25 |
|
3667
|
- |
|
-
|
-
|
An OS Command Injection vulnerability exists in Aterm. If a malicious third person gains administrator access to the product’s web console, they may be able to execute arbitrary OS commands via adjac…
|
CWE-78
OS Command
|
CVE-2026-8652
|
2026-05-27 05:14 |
2026-05-25 |
|
3668
|
8.5 |
HIGH
Network
|
-
|
-
|
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field…
|
CWE-88
Argument Injection
|
CVE-2026-3515
|
2026-05-27 05:06 |
2026-05-24 |
|
3669
|
7.8 |
HIGH
Local
|
-
|
-
|
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config…
|
CWE-1066
Missing Serialization Control Element
|
CVE-2026-4372
|
2026-05-27 05:06 |
2026-05-24 |
|
3670
|
- |
|
-
|
-
|
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-9274
|
2026-05-27 05:04 |
2026-05-25 |
|