|
3991
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier…
|
CWE-77
Command Injection
|
CVE-2026-38703
|
2026-05-29 23:09 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3992
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ve…
|
CWE-77
Command Injection
|
CVE-2026-38707
|
2026-05-29 23:08 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3993
|
9.8 |
CRITICAL
Network
|
inhandnetworks
|
ir315_firmware
ir302_firmware
ir615_firmware
ir305_firmware
|
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlie…
|
CWE-77
Command Injection
|
CVE-2026-38704
|
2026-05-29 23:08 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3994
|
8.6 |
HIGH
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt st…
|
CWE-193
Off-by-one Error
|
CVE-2026-49127
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3995
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injection vulnerability in the xspf_char_data function within the XSPF playlist plugin that allows attackers to embed literal CR/LF by…
|
CWE-93
CRLF Injection
|
CVE-2026-49130
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3996
|
5.8 |
MEDIUM
Network
|
-
|
-
|
Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT_FOLLOWLOCATION is set without CURLOPT_REDIR_PROTOCOLS_STR, allow…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49129
|
2026-05-29 23:07 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3997
|
4.1 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10052
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3998
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL que…
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-10078
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3999
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice tha…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42965
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4000
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows…
|
CWE-287
Improper Authentication
|
CVE-2026-46579
|
2026-05-29 23:06 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
