0.0

CVE-2026-38651

An authentication bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, …

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 3:44 p.m.

0.0

CVE-2026-37750

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser via the unsanitized type parameter in register.php.

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 7:49 p.m.

0.0

CVE-2026-38948

A Cross-Site Scripting (XSS) vulnerability exists in the asset upload functionality of FUEL CMS v1.5.2 and before. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code.

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 3:55 p.m.

8.1

CVSS3.1

CVE-2026-42167

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, 10:09 p.m.

9.8

CVSS3.1

CVE-2026-42208 - LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection

A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route…

📅 Published: April 28, 2026, midnight 🔄 Last Modified: April 28, 2026, midnight

8.6

CVSS4.0

CVE-2026-20766 - Milesight Cameras Heap-based Buffer Overflow

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

📅 Published: April 27, 2026, 11:45 p.m. 🔄 Last Modified: April 28, 2026, 2:39 p.m.

9.3

CVSS4.0

CVE-2026-7202 - Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The expl…

📅 Published: April 27, 2026, 11:45 p.m. 🔄 Last Modified: April 29, 2026, 2:13 p.m.

7.3

CVSS4.0

CVE-2026-32649 - Milesight Cameras OS Command Injection

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.

📅 Published: April 27, 2026, 11:42 p.m. 🔄 Last Modified: April 28, 2026, 2:42 p.m.

9.2

CVSS4.0

CVE-2026-32644 - Milesight Cameras Use of Hard-coded Cryptographic Key

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.

📅 Published: April 27, 2026, 11:40 p.m. 🔄 Last Modified: April 28, 2026, 2:45 p.m.

7.7

CVSS4.0

CVE-2026-27785 - Milesight Cameras Use of Hard-coded Credentials

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.

📅 Published: April 27, 2026, 11:38 p.m. 🔄 Last Modified: April 28, 2026, 9:16 a.m.