8.7

CVSS4.0

CVE-2026-27520 - Binardat 10G08-0800GSM Network Switch Base64-encoded Password Stored in Cookie

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can rec…

📅 Published: Feb. 24, 2026, 3:07 p.m. 🔄 Last Modified: April 18, 2026, 11 a.m.

8.7

CVSS4.0

CVE-2026-27519 - Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections.

📅 Published: Feb. 24, 2026, 3:07 p.m. 🔄 Last Modified: April 17, 2026, 3:45 p.m.

5.1

CVSS4.0

CVE-2026-27518 - Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes.

📅 Published: Feb. 24, 2026, 3:06 p.m. 🔄 Last Modified: April 18, 2026, 11 a.m.

5.1

CVSS4.0

CVE-2026-27517 - Binardat 10G08-0800GSM Network Switch XSS

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user.

📅 Published: Feb. 24, 2026, 3:06 p.m. 🔄 Last Modified: April 17, 2026, 4 p.m.

8.6

CVSS4.0

CVE-2026-27516 - Binardat 10G08-0800GSM Network Switch Plaintext Password Exposure

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.

📅 Published: Feb. 24, 2026, 3:05 p.m. 🔄 Last Modified: April 16, 2026, 4:30 p.m.

9.3

CVSS4.0

CVE-2026-27515 - Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated sessions.

📅 Published: Feb. 24, 2026, 3:04 p.m. 🔄 Last Modified: April 16, 2026, 4:30 p.m.

9.3

CVSS4.0

CVE-2026-27507 - Binardat 10G08-0800GSM Network Switch Hard-coded Credentials

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the device.

📅 Published: Feb. 24, 2026, 3:04 p.m. 🔄 Last Modified: April 17, 2026, 4 p.m.

8.7

CVSS4.0

CVE-2026-23678 - Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with…

📅 Published: Feb. 24, 2026, 3:03 p.m. 🔄 Last Modified: April 16, 2026, 4:30 p.m.

9.2

CVSS4.0

CVE-2026-27584 - ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints

Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction informati…

📅 Published: Feb. 24, 2026, 2:59 p.m. 🔄 Last Modified: April 16, 2026, 4:30 p.m.

4.9

CVSS3.1

CVE-2026-0402 - Post-Authentication Out-of-Bounds Read Leading to Firewall Crash

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

📅 Published: Feb. 24, 2026, 2:58 p.m. 🔄 Last Modified: April 18, 2026, 11 a.m.