|
391
|
9.8 |
CRITICAL
Network
|
progress
|
sitefinity
|
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in f…
New
|
CWE-284
Improper Access Control
|
CVE-2026-7198
|
2026-06-4 21:43 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
392
|
8.8 |
HIGH
Network
|
progress
|
sitefinity
|
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenti…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7201
|
2026-06-4 21:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
393
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2018-25384
|
2026-06-4 12:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
394
|
9.0 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is config…
Update
|
CWE-78
OS Command
|
CVE-2026-4408
|
2026-06-4 09:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
395
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-2596
|
2026-06-4 08:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
396
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
New
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2025-22424
|
2026-06-4 07:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
397
|
8.4 |
HIGH
Local
|
-
|
-
|
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog inter…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2019-25718
|
2026-06-4 07:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
398
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet…
New
|
CWE-15
External Control of System or Configuration Setting
|
CVE-2019-25716
|
2026-06-4 07:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
399
|
9.1 |
CRITICAL
Network
|
github
|
cli
|
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-48501
|
2026-06-4 06:06 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
400
|
4.9 |
MEDIUM
Network
|
macgregor
|
interschalt_vdr_g4e_firmware
|
The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, potentially changing the root password.
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-40425
|
2026-06-4 05:54 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
