https://hostettler.pro/cves.html CVE disclosures by Lennart Hostettler — Security Engineer & Penetration Tester en https://hostettler.pro/posts/gymone-sqli.html https://hostettler.pro/posts/gymone-sqli.html Fri, 12 Jun 2026 00:00:00 +0000 CVSS 6.5 (Medium) — CVE-2026-55871 — SQL Injection in GYM-One v1.1.0 https://hostettler.pro/posts/gymone-stored-xss.html https://hostettler.pro/posts/gymone-stored-xss.html Fri, 12 Jun 2026 00:00:00 +0000 CVSS 8.7 (High) — CVE-2026-55872 — Stored XSS in GYM-One v1.1.0 https://hostettler.pro/posts/rpi-dashboard-auth-bypass.html https://hostettler.pro/posts/rpi-dashboard-auth-bypass.html Fri, 12 Jun 2026 00:00:00 +0000 CVSS 9.8 (Critical) — Missing Authorization / Auth Bypass in Raspberry Pi Dashboard https://hostettler.pro/posts/rpi-dashboard-rce.html https://hostettler.pro/posts/rpi-dashboard-rce.html Fri, 12 Jun 2026 00:00:00 +0000 CVSS 9.8 (Critical) — OS Command Injection / RCE in Raspberry Pi Dashboard