|
1131
|
8.4 |
HIGH
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6824
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1132
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials …
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-7786
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1133
|
5.7 |
MEDIUM
Adjacent
|
-
|
-
|
The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-40425
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1134
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-5768
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1135
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials.
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-42929
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1136
|
8.3 |
HIGH
Adjacent
|
-
|
-
|
The Danelec MacGregor Voyage Data Recorder
device includes a default username and password, with no enforced password change.
Update
|
CWE-1392
Use of Default Credentials
|
CVE-2026-42941
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1137
|
5.4 |
MEDIUM
Adjacent
|
-
|
-
|
An authenticated
user can download a backup of the Danelec MacGregor Voyage Data Recorder
device which includes account data and password hashes.
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42951
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1138
|
5.4 |
MEDIUM
Adjacent
|
-
|
-
|
Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
Update
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-44611
|
2026-06-2 02:07 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1139
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.
A logic error in the address…
New
|
CWE-823
Use of Out-of-range Pointer Offset
|
CVE-2026-34193
|
2026-06-2 02:07 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1140
|
- |
|
-
|
-
|
In certain scenarios when the admin has enabled Interactive Connectivity Establishment (ICE), a buffer overflow could enable
remote code execution on Poly Voice products on the Linux p…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0826
|
2026-06-2 02:07 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
