|
3421
|
9.8 |
CRITICAL
Network
|
dlink
|
di-8100_firmware
|
A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler.…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7854
|
2026-05-7 02:39 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3422
|
7.2 |
HIGH
Network
|
dlink
|
di-8100_firmware
|
A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of th…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7855
|
2026-05-7 02:38 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3423
|
7.2 |
HIGH
Network
|
dlink
|
di-8100_firmware
|
A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name c…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7856
|
2026-05-7 02:36 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3424
|
7.2 |
HIGH
Network
|
dlink
|
di-8100_firmware
|
A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7857
|
2026-05-7 02:28 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3425
|
9.8 |
CRITICAL
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42221
|
2026-05-7 02:17 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3426
|
6.5 |
MEDIUM
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret.…
|
CWE-200
CWE-863
Information Exposure
Incorrect Authorization
|
CVE-2026-42220
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3427
|
- |
|
-
|
-
|
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.
This issue affects AC2000: from 10.6 before releas…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-21661
|
2026-05-7 02:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3428
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both …
|
CWE-89
SQL Injection
|
CVE-2026-42237
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3429
|
7.5 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42236
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3430
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype …
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42232
|
2026-05-7 02:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
