|
1161
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file …
|
CWE-200
CWE-538
Information Exposure
File and Directory Information Exposure
|
CVE-2026-7071
|
2026-04-27 10:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1162
|
9.3 |
CRITICAL
Network
|
-
|
-
|
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…
|
CWE-656
Reliance on Security Through Obscurity
|
CVE-2026-42363
|
2026-04-27 09:16 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1163
|
7.5 |
HIGH
Network
|
libexpat_project
|
libexpat
|
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
|
CWE-331
Insufficient Entropy
|
CVE-2026-41080
|
2026-04-27 07:17 |
2026-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1164
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attac…
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1165
|
7.1 |
HIGH
Network
|
elog_project
|
elog
|
ELOG permite a un usuario autenticado modificar o sobrescribir el archivo de configuración, resultando en denegación de servicio. Si la función de ejecución está específicamente habilitada con el ind…
|
CWE-862
Missing Authorization
|
CVE-2025-64348
|
2026-04-27 04:26 |
2025-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1166
|
9.8 |
CRITICAL
Network
|
newforma
|
project_center
|
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AU…
|
CWE-306
CWE-502
Missing Authentication for Critical Function
Deserialization of Untrusted Data
|
CVE-2025-35051
|
2026-04-27 04:04 |
2025-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1167
|
- |
|
-
|
-
|
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not p…
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1168
|
- |
|
-
|
-
|
El panel de configuración de la interfaz gráfica de usuario web de Hirsch (anteriormente Identiv y Viscount) Enterphone MESH hasta 2024 se entrega con credenciales predeterminadas (nombre de usuario …
|
CWE-1393
Use of Default Password
|
CVE-2025-26793
|
2026-04-27 03:56 |
2025-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1169
|
- |
|
-
|
-
|
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-1790
|
2026-04-27 03:49 |
2026-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1170
|
- |
|
-
|
-
|
Escalada de privilegios local en el plugin Genetec Sipelia. Un usuario de Windows autenticado con bajos privilegios podría explotar esta vulnerabilidad para obtener privilegios elevados en el sistema…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2025-1790
|
2026-04-27 03:49 |
2026-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
