Total: 363366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-38936 | | | 2026-07-05 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter | |||||
| CVE-2026-38935 | | | 2026-07-05 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter | |||||
| CVE-2026-38934 | | | 2026-07-05 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php | |||||
| CVE-2026-38931 | | | 2026-07-05 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload. | |||||
| CVE-2026-38930 | | | 2026-07-05 | N/A | 6.5 MEDIUM |
| OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter. | |||||
| CVE-2026-36356 | | | 2026-07-05 | N/A | 9.1 CRITICAL |
| The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. | |||||
| CVE-2026-36239 | | | 2026-07-05 | N/A | 4.3 MEDIUM |
| PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality | |||||
| CVE-2026-36182 | | | 2026-07-05 | N/A | 9.8 CRITICAL |
| GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a brute-force attack. | |||||
| CVE-2026-36180 | | | 2026-07-05 | N/A | 4.6 MEDIUM |
| A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack. | |||||
| CVE-2026-36178 | | | 2026-07-05 | N/A | 4.6 MEDIUM |
| The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data. | |||||
| CVE-2026-36176 | | | 2026-07-05 | N/A | 7.1 HIGH |
| GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface. | |||||
| CVE-2026-36175 | | | 2026-07-05 | N/A | 6.8 MEDIUM |
| An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments. | |||||
| CVE-2026-36174 | | | 2026-07-05 | N/A | 4.6 MEDIUM |
| GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface. | |||||
| CVE-2026-30695 | | | 2026-07-05 | N/A | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint. | |||||
| CVE-2026-30603 | | | 2026-07-05 | N/A | 6.8 MEDIUM |
| An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card. | |||||
| CVE-2026-30463 | 1 Thedaylightstudio | 1 Fuel Cms | 2026-07-05 | N/A | 7.7 HIGH |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component. | |||||
| CVE-2026-30462 | | | 2026-07-05 | N/A | 4.3 MEDIUM |
| A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal. | |||||
| CVE-2026-30461 | 1 Thedaylightstudio | 1 Fuel Cms | 2026-07-05 | N/A | 8.3 HIGH |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. | |||||
| CVE-2026-30460 | 1 Thedaylightstudio | 1 Fuel Cms | 2026-07-05 | N/A | 8.8 HIGH |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | |||||
| CVE-2026-30459 | 1 Thedaylightstudio | 1 Fuel Cms | 2026-07-05 | N/A | 7.1 HIGH |
| An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. | |||||
