| 3511 | 7.2 | HIGH Network | dlink | di-8100_firmware | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer… | CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow | CVE-2026-7857 | 2026-05-7 02:28 | 2026-05-6 |
| 3512 | 9.8 | CRITICAL Network | nginxui | nginx_ui | Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx… | CWE-306 Missing Authentication for Critical Function | CVE-2026-42221 | 2026-05-7 02:17 | 2026-05-5 |
| 3513 | 6.5 | MEDIUM Network | nginxui | nginx_ui | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret.… | CWE-200 CWE-863 Information Exposure Incorrect Authorization | CVE-2026-42220 | 2026-05-7 02:16 | 2026-05-5 |
| 3514 | - | | - | - | Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before releas… | CWE-427 Uncontrolled Search Path Element | CVE-2026-21661 | 2026-05-7 02:16 | 2026-05-7 |
| 3515 | 8.8 | HIGH Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both … | CWE-89 SQL Injection | CVE-2026-42237 | 2026-05-7 02:16 | 2026-05-5 |
| 3516 | 7.5 | HIGH Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-42236 | 2026-05-7 02:16 | 2026-05-5 |
| 3517 | 8.8 | HIGH Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype … | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-42232 | 2026-05-7 02:15 | 2026-05-5 |
| 3518 | 8.8 | HIGH Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prot… | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-42231 | 2026-05-7 02:14 | 2026-05-5 |
| 3519 | 7.5 | HIGH Network | miyagawa | starman | Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both hea… | CWE-444 HTTP Request Smuggling | CVE-2026-40560 | 2026-05-7 01:35 | 2026-04-29 |
| 3520 | 4.3 | MEDIUM Network | jenkins | script_security | A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. | CWE-862 Missing Authorization | CVE-2026-42519 | 2026-05-7 01:33 | 2026-04-29 |