|
4391
|
8.8 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipul…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-9628
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4392
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /parcel_list.php. Performing a manipulation of the argument s results …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-9607
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4393
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. E…
|
CWE-200
CWE-209
Information Exposure
Information Exposure Through an Error Message
|
CVE-2026-9583
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4394
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such mani…
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9562
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4395
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9511
|
2026-05-29 01:16 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4396
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available.
The random_bytes function fell back to using the built-in rand() function when…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2026-8647
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4397
|
7.5 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for…
|
CWE-862
Missing Authorization
|
CVE-2026-48151
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4398
|
8.1 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/…
|
CWE-79
Cross-site Scripting
|
CVE-2026-48149
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4399
|
7.7 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-48146
|
2026-05-29 01:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4400
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections.
The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted…
|
CWE-93
CRLF Injection
|
CVE-2026-46740
|
2026-05-29 01:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
