|
301
|
7.2 |
HIGH
Network
|
-
|
-
|
A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a bac…
New
|
CWE-78
OS Command
|
CVE-2026-55975
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302
|
7.5 |
HIGH
Network
|
-
|
-
|
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app us…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-55844
|
2026-06-30 00:16 |
2026-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303
|
7.1 |
HIGH
Local
|
-
|
-
|
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file() that allows l…
New
|
CWE-59
Link Following
|
CVE-2026-54369
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304
|
- |
|
-
|
-
|
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single executi…
New
|
CWE-126
Buffer Over-read
|
CVE-2026-41992
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305
|
- |
|
-
|
-
|
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a tem…
New
|
CWE-377
Insecure Temporary File
|
CVE-2026-41991
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306
|
8.1 |
HIGH
Network
|
-
|
-
|
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_GLANALYTIC permission to execute arbitrary SQL queri…
New
|
CWE-89
SQL Injection
|
CVE-2026-40523
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307
|
7.1 |
HIGH
Network
|
-
|
-
|
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SEL…
New
|
CWE-89
CWE-916
SQL Injection
Use of Password Hash With Insufficient Computational Effort
|
CVE-2026-40522
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. …
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-39031
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-38641
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of Service (DoS) via parsing a crafted input.
New
|
CWE-20
Improper Input Validation
|
CVE-2026-38639
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
