|
3691
|
5.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10517
|
2026-06-2 01:57 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3692
|
9.8 |
CRITICAL
Network
|
-
|
-
|
SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that a…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-24444
|
2026-06-2 01:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3693
|
7.5 |
HIGH
Network
|
-
|
-
|
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/{filename} endpoint on Windows deployments that allows unauthenticated remote attack…
|
CWE-36
Absolute Path Traversal
|
CVE-2026-10044
|
2026-06-2 01:55 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3694
|
7.5 |
HIGH
Network
|
-
|
-
|
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attac…
|
CWE-256
Plaintext Storage of a Password
|
CVE-2018-25396
|
2026-06-2 01:55 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3695
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules…
|
CWE-22
Path Traversal
|
CVE-2018-25421
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3696
|
8.2 |
HIGH
Network
|
-
|
-
|
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attacke…
|
CWE-89
SQL Injection
|
CVE-2018-25422
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3697
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-25423
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3698
|
8.2 |
HIGH
Network
|
-
|
-
|
Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters.…
|
CWE-89
SQL Injection
|
CVE-2018-25424
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3699
|
8.2 |
HIGH
Network
|
-
|
-
|
Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Attackers …
|
CWE-89
SQL Injection
|
CVE-2018-25425
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3700
|
8.5 |
HIGH
Network
|
-
|
-
|
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can in…
|
CWE-89
SQL Injection
|
CVE-2026-49489
|
2026-06-2 01:55 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
