|
311
|
4.6 |
MEDIUM
Physics
|
-
|
-
|
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a p…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-38571
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-36478
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
8.1 |
HIGH
Network
|
-
|
-
|
The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using the…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-31928
|
2026-06-30 00:16 |
2026-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constru…
New
|
CWE-436
Interpretation Conflict
|
CVE-2026-13676
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
- |
|
-
|
-
|
SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from l…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-13165
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
- |
|
-
|
-
|
The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation …
New
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-12616
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
- |
|
-
|
-
|
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers wit…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-11979
|
2026-06-30 00:16 |
2026-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
7.4 |
HIGH
Network
|
-
|
-
|
Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct getaddrinfo_state ai_state) as the user_data of an …
New
|
CWE-416
Use After Free
|
CVE-2026-10646
|
2026-06-30 00:16 |
2026-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319
|
4.2 |
MEDIUM
Adjacent
|
-
|
-
|
The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_ena…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-10644
|
2026-06-30 00:16 |
2026-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
8.7 |
HIGH
Local
|
-
|
-
|
Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-10643
|
2026-06-30 00:16 |
2026-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
