|
701
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command. This ca…
New
|
CWE-89
SQL Injection
|
CVE-2026-40847
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command. This can resul…
New
|
CWE-89
SQL Injection
|
CVE-2026-40848
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. …
New
|
CWE-89
SQL Injection
|
CVE-2026-40849
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
7.5 |
HIGH
Network
|
-
|
-
|
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command…
New
|
CWE-89
SQL Injection
|
CVE-2026-40850
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
8.4 |
HIGH
Local
|
-
|
-
|
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity …
New
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-40851
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
7.2 |
HIGH
Network
|
-
|
-
|
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it …
New
|
CWE-78
OS Command
|
CVE-2026-40852
|
2026-05-27 23:53 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.
New
|
CWE-285
Improper Authorization
|
CVE-2025-43289
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file …
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2025-43290
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
7.8 |
HIGH
Local
|
-
|
-
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
New
|
CWE-269
Improper Privilege Management
|
CVE-2025-43306
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
New
|
CWE-284
Improper Access Control
|
CVE-2025-43451
|
2026-05-27 23:51 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
