|
2661
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, allowing an unauthenticat…
|
CWE-89
SQL Injection
|
CVE-2026-10880
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2662
|
7.5 |
HIGH
Network
|
-
|
-
|
nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the available versions …
|
CWE-78
OS Command
|
CVE-2026-10796
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2663
|
8.2 |
HIGH
Network
|
-
|
-
|
An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface
|
-
|
CVE-2025-69755
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2664
|
7.1 |
HIGH
Network
|
-
|
-
|
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying the…
|
-
|
CVE-2025-67448
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2665
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address …
|
-
|
CVE-2025-67447
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2666
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie…
|
CWE-384
Session Fixation
|
CVE-2025-67446
|
2026-06-5 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2667
|
2.7 |
LOW
Network
|
element
|
synapse
|
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
|
CWE-20
Improper Input Validation
|
CVE-2026-45076
|
2026-06-5 03:04 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2668
|
9.9 |
CRITICAL
Network
|
flowintel
|
flowintel
|
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-9813
|
2026-06-5 03:03 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2669
|
5.4 |
MEDIUM
Network
|
appsmith
|
appsmith
|
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a …
|
CWE-79
Cross-site Scripting
|
CVE-2026-7299
|
2026-06-5 02:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2670
|
6.5 |
MEDIUM
Adjacent
|
tp-link
|
tapo_c200_firmware
|
TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-1871
|
2026-06-5 02:41 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
