CVE-2026-27517 - Binardat 10G08-0800GSM Network Switch XSS (score 5.1)
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.
CVE-2026-27516 - Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure (score 8.6)
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.
CVE-2026-27515 - Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers (score 9.3)
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.
CVE-2026-27507 - Binardat 10G08-0800GSM Network Switch Hard-coded Credentials (score 9.3)
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device.
CVE-2026-23678 - Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection (score 8.7)
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with…
CVE-2026-27584 - ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints (score 9.2)
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction informati…
CVE-2026-0402 - Post-Authentication Out-of-Bounds Read Leading to Firewall Crash (score 4.9)
A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-27732 - AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php (score 8.6)
WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side request…
CVE-2026-0401 - Null Pointer Dereference Crash Vulnerability in SonicOS (score 4.9)
A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0400 - Post-Authentication Format String Vulnerability Leading to Firewall Crash (score 4.9)
A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.