|
1811
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argume…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7156
|
2026-04-29 05:24 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
7.8 |
HIGH
Local
|
dell
|
alienware_command_center
|
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnera…
|
CWE-272
Least Privilege Violation
|
CVE-2026-32655
|
2026-04-29 05:13 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
7.8 |
HIGH
Local
|
dell
|
alienware_command_center
|
Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potenti…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-25908
|
2026-04-29 05:12 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
- |
|
-
|
-
|
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered.
This…
|
CWE-79
Cross-site Scripting
|
CVE-2026-5362
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1815
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-28747
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
5.0 |
MEDIUM
Adjacent
|
-
|
-
|
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.
Affected: Spring Boot 4.0.0–4.0.5 (fix …
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40971
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillm…
|
CWE-94
Code Injection
|
CVE-2026-7191
|
2026-04-29 05:11 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
9.4 |
CRITICAL
Network
|
-
|
-
|
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-3893
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1819
|
- |
|
-
|
-
|
A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request.
|
CWE-694
Use of Multiple Resources with Duplicate Identifier
|
CVE-2026-5794
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to
trigger improper handling of XML input, which may result in unintended
exposure of sensitive information. The flaw stems from in…
|
CWE-611
XXE
|
CVE-2026-6807
|
2026-04-29 05:10 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
