#vulnerability

742 articles

Security Alerts Jun 4, 2026

CVE-2019-25729: PDF Signer 3.0 contains a server-side template injection vulnerability that allows...

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter...

Security Alerts Jun 4, 2026

CVE-2019-25727: WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that...

WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers ...

Security Alerts Jun 4, 2026

CVE-2019-25738: WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that...

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action...

Security Alerts Jun 4, 2026

CVE-2019-25741: Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow...

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code....

Security Alerts Jun 4, 2026

CVE-2026-10840: A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding...

A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources ...

Security Alerts Jun 4, 2026

CVE-2026-4104: Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics...

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: fr...

Security Alerts Jun 4, 2026

CVE-2026-20230: SSRF and Arbitrary File Write in Cisco Unified CM (CUCM)

A public PoC was released for CVE-2026-20230 in Cisco Unified Communications Manager. Insufficient input validation in the WebDialer component enables remote SSRF and arbitrary file write....

Security Alerts Jun 4, 2026

CVE-2026-8037: OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows...

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting uns...

Security Alerts Jun 4, 2026

CVE-2026-41283: Remote Code Execution in OpenStack Mistral

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials....

Security Alerts Jun 4, 2026

CVE-2026-9614: Privilege Escalation in Ivanti Neurons for ITSM

An authenticated attacker can gain elevated privileges on Ivanti Neurons for ITSM, potentially gaining unauthorized access to sensitive platform functions and data....

Security Alerts Jun 3, 2026

CVE-2010-0249: 2010 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted p...

Security Alerts Jun 3, 2026

CVE-2025-14771: Files accessible to external parties in ABB T-MAC Plus

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24....

Security Alerts Jun 3, 2026

CVE-2026-35075: Hard-coded password in MBS Universal Gateway (UGW)

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices....

Security Alerts Jun 3, 2026

CVE-2026-36576: OS command injection in openlabs docker-wkhtmltopdf-aas

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request....

Security Alerts Jun 3, 2026

CVE-2026-36748: Stored XSS in Spark Development Network Rock RMS

RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile....

Security Alerts Jun 3, 2026

CVE-2026-4035: Server-side credential exfiltration in MLflow

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environme...

Security Alerts Jun 3, 2026

CVE-2026-47065: Deserialization filter bypass in Apache MINA

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC (the mar...

Security Alerts Jun 2, 2026

CVE-2018-25427: Stack-based buffer overflow in Arm Whois Whois

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can...

Security Alerts Jun 2, 2026

CVE-2022-0492: 2022 Vulnerability Now Actively Exploited (Linux)

Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature....

Security Alerts Jun 2, 2026

CVE-2025-48595: Android Framework Integer Overflow Vulnerability

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation....

Security Alerts Jun 2, 2026

CVE-2025-53209: Privilege Escalation in Themeisle Masteriyo LMS PRO

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0....

Security Alerts Jun 2, 2026

CVE-2026-10629: Missing IPsec integrity protection in Verizon IMS

SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an ...

Security Alerts Jun 2, 2026

CVE-2026-0611: Unauthenticated RCE in Spacelabs Healthcare Sentinel

Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed...

Security Alerts Jun 2, 2026

CVE-2026-40965: Private key exposure in Cloud Foundry UAA

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed thro...

Security Alerts Jun 2, 2026

CVE-2026-42684: Blind SQL Injection in WordPress WP Job Portal (plugin)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a throug...

Security Alerts Jun 2, 2026

CVE-2026-47117: Remote code execution in OpenMed privacy-filter loader

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model...

Security Alerts Jun 2, 2026

CVE-2026-5076: Insecure password reset in WordPress ARMember Premium (plugin)

The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset ke...

Security Alerts Jun 2, 2026

CVE-2026-7198: Improper access control in Progress Sitefinity

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in fu...

Security Alerts Jun 2, 2026

CVE-2026-7312: Insufficiently Protected Credentials in Progress Sitefinity

CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441...

Security Alerts Jun 2, 2026

CVE-2026-8206: Account takeover in WordPress Kirki (plugin)

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugi...

Security Alerts Jun 1, 2026

CVE-2024-21182: 2024 Vulnerability Now Actively Exploited (Oracle)

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vul...

Security Alerts Jun 1, 2026

CVE-2026-42672: Blind SQL Injection in WordPress WP Directory Kit plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit...

Security Alerts Jun 1, 2026

CVE-2026-42252: Command Injection in Apache Airflow

Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }...

Security Alerts Jun 1, 2026

CVE-2026-42680: Privilege Escalation in WordPress Contest Gallery Pro plugin

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 2...

Security Alerts Jun 1, 2026

CVE-2026-48188: Unauthenticated SQL Injection in OTRS

An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue on...

Security Alerts Jun 1, 2026

CVE-2026-42682: Missing Authorization in Tomdever wpForo Forum

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6....

Security Alerts Jun 1, 2026

CVE-2026-48866: Path Traversal in WordPress Gravity Forms plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a throu...

Security Alerts Jun 1, 2026

CVE-2026-7858: Unauthenticated RCE via Deserialization in Dassault Systemes Teamwork Cloud

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x thro...

Security Alerts Jun 1, 2026

CVE-2026-48879: Privilege Escalation in Sergey AIWU

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17....

Security Alerts Jun 1, 2026

CVE-2026-8644: IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to identity spoofing.

IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to identity spoofing....

Security Alerts Jun 1, 2026

CVE-2026-9311: Remote Code Execution in IBM WebSphere Application Server

IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to remote code execution caused by the bypass of security controls....

Security Alerts Jun 1, 2026

CVE-2026-9319: Remote code execution in IBM WebSphere Application Server

IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security....

Security Alerts May 31, 2026

CVE-2026-10187: Stack-Based Buffer Overflow in Totolink N300RH

A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Perfor...

Security Alerts May 30, 2026

CVE-2018-25412: Arbitrary File Upload in Delta Sql

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form ...

Security Alerts May 29, 2026

CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection....

Security Alerts May 29, 2026

CVE-2026-10042: Remote code execution in zyddnys manga-image-translator

manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{m...

Security Alerts May 29, 2026

CVE-2026-10071: Arbitrary file upload in Interinfo DreamMaker

DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execu...

Security Alerts May 29, 2026

CVE-2026-3655: Authentication Bypass in WordPress OTP Login With Phone Number plugin

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `l...

Security Alerts May 29, 2026

CVE-2026-5386: Unauthenticated Password Reset in KMW CCTV Security Cameras

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without a...

Security Alerts May 29, 2026

CVE-2026-7786: Hardcoded Credentials in PUSR USR-W610 Converter

PUSR (Jinan USR IOT) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter firmware contains plaintext administrative credentials embedded in the firmware image, extractable through firmware analysis....

Security Alerts May 29, 2026

CVE-2026-8732: Privilege Escalation in WordPress WP Maps Pro plugin

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJA...

Security Alerts May 29, 2026

CVE-2026-8809: Privilege Escalation in WordPress Advanced Custom Fields: Extended plugin

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the a...

Security Alerts May 29, 2026

CVE-2026-9051: Authentication Bypass in NI SystemLink Enterprise

There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to pri...

Security Alerts May 28, 2026

CVE-2026-24444: Hardcoded password in SDMC NE6037

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints (mgmt.php, npcmd.php) that al...

Security Alerts May 28, 2026

CVE-2026-32996: High-Severity Arbitrary File Write / Privilege Escalation in Veeam

Second high-severity vulnerability in the Veeam bundle - affects Service Provider Console (9.x < 9.2.0.33215) and Backup & Replication (13.x < 13.0.1.2067), allows arbitrary file write and escalation...

Security Alerts May 28, 2026

CVE-2026-32997: High-Severity Arbitrary File Write / Privilege Escalation in Veeam

High-severity vulnerability in Veeam Service Provider Console (9.x < 9.2.0.33215) and Veeam Backup & Replication (13.x < 13.0.1.2067) - allows arbitrary file write and privilege escalation...

Security Alerts May 28, 2026

CVE-2026-32998: Critical RCE in Veeam Service Provider Console and Backup & Replication

Critical RCE vulnerability in Veeam Service Provider Console (9.x < 9.2.0.33215) and Veeam Backup & Replication (13.x < 13.0.1.2067) - attackers can remotely execute code on backup management systems...

Security Alerts May 28, 2026

CVE-2026-32999: Code Injection in Comet Backup Server

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affe...

Security Alerts May 28, 2026

CVE-2026-34926: Trend Micro Apex One Server Directory Traversal - Actively Exploited (ITW)

Directory traversal in Trend Micro Apex One Server (on-prem, builds < 17079) - a pre-authenticated local attacker with admin credentials can modify a key server table and inject malicious code into agents. Trend Micro confirms active in-the-wild exploitation...

Security Alerts May 28, 2026

CVE-2026-34927: Local Privilege Escalation in Trend Micro Apex One / Vision One SEP Agent

Origin validation vulnerability in Trend Micro Apex One / Vision One SEP agent (builds < 14.0.20731) - a local attacker with low privileges can escalate privileges. First of 7 similar LPEs in bulletin KA-0023430...

Security Alerts May 28, 2026

CVE-2026-34928: LPE in Trend Micro Apex One / Vision One SEP Agent (Named Pipe)

Origin validation vulnerability in another named pipe mechanism in the Apex One/SEP agent - LPE 7.8. Part of the 8-CVE set in bulletin KA-0023430...

Security Alerts May 28, 2026

CVE-2026-34929: LPE in Trend Micro Apex One / Vision One SEP Agent (IPC)

Origin validation vulnerability in another IPC mechanism in the Apex One/SEP agent - LPE 7.8. Third of 7 similar LPEs in bulletin KA-0023430...

Security Alerts May 28, 2026

CVE-2026-34930: LPE in Trend Micro Apex One / Vision One SEP Agent (Process Protection)

Origin validation vulnerability in another process protection mechanism in the Apex One/SEP agent - LPE 7.8. Fourth of 7 similar LPEs in bulletin KA-0023430...

Security Alerts May 28, 2026

CVE-2026-38702: Command injection in InHand Networks IR302

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ...

Security Alerts May 28, 2026

CVE-2026-38703: Command injection in InHand Networks IR302

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ...

Security Alerts May 28, 2026

CVE-2026-38704: Command injection in InHand Networks IR302

A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier...

Security Alerts May 28, 2026

CVE-2026-38707: Command injection in InHand Networks IR302

A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier ver...

Security Alerts May 28, 2026

CVE-2026-40701: High-Severity Denial of Service in NGINX (Bundle K000160932)

Denial of Service vulnerability in NGINX causing worker process crash, published alongside critical CVE-2026-42945 (RCE with public PoC) as part of F5 advisory K000160932...

Security Alerts May 28, 2026

CVE-2026-42934: High-Severity Out-of-Bounds Read in NGINX (Bundle K000160932)

Out-of-bounds read vulnerability in NGINX - may lead to disclosure of process memory contents (info disclosure). Published alongside critical CVE-2026-42945 in F5 advisory K000160932...

Security Alerts May 28, 2026

CVE-2026-42945: Critical RCE in NGINX ngx_http_rewrite_module (Public PoC Available)

Critical RCE vulnerability in NGINX ngx_http_rewrite_module present in source code since 2008 - heap buffer overflow in rewrite and set directive handling allows unauthenticated remote code execution...

Security Alerts May 28, 2026

CVE-2026-42946: High-Severity Use-After-Free in NGINX (Bundle K000160932)

Use-after-free vulnerability in NGINX published alongside critical CVE-2026-42945 (RCE with public PoC) - potentially allows remote code execution or destabilization of the worker process...

Security Alerts May 28, 2026

CVE-2026-4408: Remote command execution in Samba

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configu...

Security Alerts May 28, 2026

CVE-2026-45206: LPE in Trend Micro Apex One / Vision One SEP Agent

Origin validation vulnerability in another process protection communication mechanism in the Apex One/SEP agent - LPE 7.8. Fifth of 7 similar LPEs in bulletin KA-0023430...

Security Alerts May 28, 2026

CVE-2026-45207: LPE in Trend Micro Apex One / Vision One SEP Agent

Origin validation vulnerability in another process protection communication mechanism in the Apex One/SEP agent - LPE 7.8. Sixth of 7 similar LPEs in bulletin KA-0023430...

Security Alerts May 28, 2026

CVE-2026-45208: TOCTOU LPE in Trend Micro Apex One / Vision One SEP Agent

Time-of-Check Time-of-Use (TOCTOU, CWE-367) vulnerability in the Apex One/SEP agent - local privilege escalation. Last of 8 vulnerabilities in bulletin KA-0023430 (different class from the other 7 origin validation flaws)...

Security Alerts May 27, 2026

CVE-2026-42727: SQL injection in WordPress Active Products Tables for WooCommerce

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Bl...

Security Alerts May 27, 2026

CVE-2025-12686: Buffer overflow RCE in Synology BeeStation Manager

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation Manager (BSM) before 1.3.2-65648 and Synology BeeStation OS before 1.3.2-6564...

Security Alerts May 27, 2026

CVE-2026-42731: Privilege escalation in WordPress miniOrange OTP Verification

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation. This issue affects miniorange otp verification: from n/a ...

Security Alerts May 27, 2026

CVE-2026-42740: SQL injection in WordPress Tainacan plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection. This issue affects Tainacan: from n/a throug...

Security Alerts May 27, 2026

CVE-2026-42747: SQL injection in WordPress Easy Form Builder plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects E...

Security Alerts May 27, 2026

CVE-2026-42755: SQL Injection in WordPress TableOn plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection. This issue affects TableOn: f...

Security Alerts May 27, 2026

CVE-2026-42748: Web shell upload in WordPress WPify Woo Czech plugin

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server. This issue affects WPify Woo Czech: from n/a through <= 5.4.1...

Security Alerts May 27, 2026

CVE-2026-42756: Path Traversal in WordPress QuickWebP plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allo...

Security Alerts May 27, 2026

CVE-2026-42757: Path Traversal in WordPress WebinarIgnition plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal. This issue affects Webin...

Security Alerts May 27, 2026

CVE-2026-42758: Privilege Escalation in WordPress WebinarIgnition plugin

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through < 4.08.253....

Security Alerts May 27, 2026

CVE-2026-42761: SQL Injection in WordPress Active Products Tables for WooCommerce

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Bl...

Security Alerts May 27, 2026

CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harveste...

Security Alerts May 27, 2026

CVE-2026-45321: TanStack Unspecified Vulnerability

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity....

Security Alerts May 27, 2026

CVE-2026-7524: Remote code execution in IBM Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction....

Security Alerts May 27, 2026

CVE-2026-49002: Broken access control in Web Application Access Control Module

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and mod...

Security Alerts May 27, 2026

CVE-2026-8175: Buffer overflow in IBM Aspera High-Speed Transfer Server

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected...

Security Alerts May 27, 2026

CVE-2026-8362: Stack buffer overflow in WOS HTTP Server

A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome...

Security Alerts May 27, 2026

CVE-2026-8363: Stack buffer overflow in WOS HTTP Server

A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources:...

Security Alerts May 27, 2026

CVE-2026-8364: Unauthenticated remote access in Gladinet Triofox

Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, ...

Security Alerts May 27, 2026

CVE-2026-8760: Authentication Bypass in WordPress Login with OTP plugin

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout ch...

Security Alerts May 27, 2026

CVE-2026-8450: OS command injection in Perl HTTP::Daemon

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open(), which interprets magic prefixes that open a pipe to a subprocess...

Security Alerts May 26, 2026

CVE-2018-25350: Username enumeration in UserSpice

userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Att...

Security Alerts May 26, 2026

CVE-2018-25357: Remote code evaluation in Dolibarr ERP CRM

Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca...

Security Alerts May 26, 2026

CVE-2026-23652: Command injection in Microsoft Power Pages

Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network....

Security Alerts May 26, 2026

CVE-2026-2651: Broken access control in MLflow artifact upload

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce r...

Security Alerts May 26, 2026

CVE-2026-33843: Authentication bypass in Microsoft Azure Active Directory B2C

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network....

Security Alerts May 26, 2026

CVE-2026-39821: Privilege escalation in Go golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com"...

Security Alerts May 26, 2026

CVE-2026-40411: Improper Input Validation in Azure Virtual Network Gateway

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network....

Security Alerts May 26, 2026

CVE-2026-41090: Command injection in Microsoft Copilot

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network....

Security Alerts May 26, 2026

CVE-2026-40412: Unrestricted File Upload in Azure Orbital Spatio

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network....

Security Alerts May 26, 2026

CVE-2026-41104: Untrusted Data Deserialization in Microsoft Planetary Computer Pro

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network....

Security Alerts May 26, 2026

CVE-2026-42773: Blind SQL injection in eMagicOne Store Manager

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store ...

Security Alerts May 26, 2026

CVE-2026-42774: SQL injection in Crocoblock JetEngine

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

Security Alerts May 26, 2026

CVE-2026-42901: Origin Validation Error in Microsoft Entra ID

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network....

Security Alerts May 26, 2026

CVE-2026-44930: LDAP Injection in Apache CXF (XKMS server)

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended...

Security Alerts May 26, 2026

CVE-2026-45247: PHP object injection RCE in Mirasvit Full Page Cache Warmer

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a...

Security Alerts May 26, 2026

CVE-2026-47280: Improper authentication in Microsoft Azure Resource Manager

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network....

Security Alerts May 26, 2026

CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with roo...

Security Alerts May 26, 2026

CVE-2026-7251: Hard-coded VNC password in Eppendorf BioFlo 320

Eppendorf BioFlo 320 is vulnerable due to its VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain fu...

Security Alerts May 26, 2026

CVE-2026-48689: Heap Buffer Overflow in FastNetMon Community Edition

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class - incorrect bounds checks in five methods allow out-of-bounds write...

Security Alerts May 26, 2026

CVE-2026-7374: Symlink privilege escalation in KubeVirt virt-handler

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when...

Security Alerts May 26, 2026

CVE-2026-8633: Remote code execution in IBM WebSphere Application Server

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0, IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code executio...

Security Alerts May 26, 2026

CVE-2026-8670: Session replay flaw in Syslink Software AG Avantra

Insufficient session expiration vulnerability in Syslink Software AG Avantra on Linux and Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1....

Security Alerts May 26, 2026

CVE-2026-9642: Unauthenticated Database Access in WellinTech DIAView (CVE-2025-62582 Bypass)

Incomplete fix for CVE-2025-62582 - an unauthenticated remote attacker can still access configured databases in a WellinTech DIAView project...

Security Alerts May 26, 2026

CVE-2026-9543: OS command injection in Totolink N300RH

A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipula...

Security Alerts May 22, 2026

CVE-2026-33000: Command injection in Ubiquiti UniFi OS

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection....

Security Alerts May 22, 2026

CVE-2026-34908: Improper access control in Ubiquiti UniFi OS

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system....

Security Alerts May 22, 2026

CVE-2026-34909: Path traversal in Ubiquiti UniFi OS

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an unde...

Security Alerts May 22, 2026

CVE-2026-34910: Command injection in Ubiquiti UniFi OS

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection....

Security Alerts May 22, 2026

CVE-2026-6960: Arbitrary file upload in WordPress BookingPress Pro plugin

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all version...

Security Alerts May 22, 2026

CVE-2026-9082: Drupal Core SQL Injection Vulnerability

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API....

Security Alerts May 21, 2026

CVE-2026-44050: Heap buffer overflow in Netatalk CNID daemon

A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause ...

Security Alerts May 21, 2026

CVE-2026-5433: Command injection in Honeywell Control Network Module (CNM)

Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remo...

Security Alerts May 21, 2026

CVE-2026-6279: Unauthenticated RCE in WordPress Avada Builder plugin

The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp...

Security Alerts May 20, 2026

CVE-2008-4250: 2008 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow duri...

Security Alerts May 20, 2026

CVE-2009-1537: 2009 Vulnerability Now Actively Exploited (Microsoft)

Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a craft...

Security Alerts May 20, 2026

CVE-2009-3459: 2009 Vulnerability Now Actively Exploited (Adobe)

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption....

Security Alerts May 20, 2026

CVE-2010-0806: 2010 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion o...

Security Alerts May 20, 2026

CVE-2026-20223: Critical Authentication Bypass in Cisco Secure Workload

Critical access-validation vulnerability in Cisco Secure Workload internal REST APIs (3.9.x and earlier, 3.10.x < 3.10.8.3, 4.0.x < 4.0.3.17) - unauthenticated remote attacker can obtain Site Admin privileges...

Security Alerts May 20, 2026

CVE-2026-24207: Authentication bypass in NVIDIA Triton Inference Server

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of p...

Security Alerts May 20, 2026

CVE-2026-22314: Code Injection in Mesalvo Meona

Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables code execution on other users' systems. This ...

Security Alerts May 20, 2026

CVE-2026-41091: Microsoft Defender Link Following Vulnerability

Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally....

Security Alerts May 20, 2026

CVE-2026-45444: Arbitrary file upload in Gift Cards For WooCommerce Pro (plugin)

Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files. This issue affects Gift Cards For WooCommerce Pro: from n/a thr...

Security Alerts May 20, 2026

CVE-2026-6555: Arbitrary File Upload in WordPress ProSolution WP Client (plugin)

The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is due to an array validation mismatch where only the first file in ...

Security Alerts May 20, 2026

CVE-2026-7284: Privilege escalation in Easy Elements for Elementor (plugin)

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due t...

Security Alerts May 20, 2026

CVE-2026-7637: PHP Object Injection in WordPress Boost (plugin)

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This make...

Security Alerts May 20, 2026

CVE-2026-8495: Missing Authorization in Drupal Date iCal

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15....

Security Alerts May 20, 2026

CVE-2026-8598: Unauthenticated config export port in ZKTeco CCTV Camera

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as ope...

Security Alerts May 20, 2026

CVE-2026-9139: Hard-coded credentials in Taiko AG1000-01A SMS Alert Gateway

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-s...

Security Alerts May 20, 2026

CVE-2026-9141: Authentication bypass in Taiko AG1000-01A SMS Alert Gateway

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access interna...

Security Alerts May 19, 2026

CVE-2026-2586: Authenticated RCE in Eclipse GlassFish Admin Console

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of a...

Security Alerts May 19, 2026

CVE-2026-2587: Server-side EL injection RCE in Eclipse GlassFish

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evalu...

Security Alerts May 19, 2026

CVE-2026-31986: Hard-coded cryptographic key in Apache OFBiz

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue....

Security Alerts May 19, 2026

CVE-2026-2611: Improper origin validation RCE in MLflow Assistant

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests fro...

Security Alerts May 19, 2026

CVE-2026-36829: Authentication bypass in Panabit PAP-XM320

An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check based o...

Security Alerts May 19, 2026

CVE-2026-41919: LDAP Injection in Apache OFBiz

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade...

Security Alerts May 19, 2026

CVE-2026-43633: Unauthenticated Deserialization RCE in HestiaCP

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remo...

Security Alerts May 19, 2026

CVE-2026-47107: Incorrect Default Permissions in Windmill nsjail Sandbox

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticat...

Security Alerts May 19, 2026

CVE-2026-44159: Default Admin Credentials in Tyler Identity Local (TID-L)

Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020...

Security Alerts May 19, 2026

CVE-2026-4883: Arbitrary File Upload in WordPress Piotnet Forms plugin

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including,...

Security Alerts May 19, 2026

CVE-2026-4885: Arbitrary File Upload in WordPress Piotnet Addons for Elementor Pro

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, and...

Security Alerts May 19, 2026

CVE-2026-8948: Same-Origin Policy Bypass in Mozilla Firefox

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151....

Security Alerts May 19, 2026

CVE-2026-8950: Same-Origin Policy Bypass in Mozilla Firefox

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11....

Security Alerts May 19, 2026

CVE-2026-8953: Use-after-free sandbox escape in Mozilla Firefox

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11....

Security Alerts May 19, 2026

CVE-2026-8956: Integer Overflow in Mozilla Firefox

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11....

Security Alerts May 19, 2026

CVE-2026-8959: Sandbox Escape in Mozilla Firefox

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11....

Security Alerts May 19, 2026

CVE-2026-8973: Memory safety bugs in Mozilla Firefox

Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....

Security Alerts May 19, 2026

CVE-2026-8974: Memory safety bugs in Mozilla Firefox

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...

Security Alerts May 19, 2026

CVE-2026-8975: Memory safety bugs in Mozilla Firefox

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...

Security Alerts May 18, 2026

CVE-2026-7302: Unauthenticated path traversal in SGLang

SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by i...

Security Alerts May 18, 2026

CVE-2026-7301: Unauthenticated RCE in SGLang multimodal runtime

SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the interne...

Security Alerts May 18, 2026

CVE-2026-7304: Unauthenticated RCE in SGLang custom logit processor

SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will ...
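The two SGLang entries above (the pickle.loads() sink on the ROUTER socket and the dill.loads() path behind --enable-custom-logit-processor) share one root cause: a pickle stream can name any importable callable and have it invoked during loading. The block below is an added example and is not SGLang's code. It builds a constructed protocol-0 payload that makes stock pickle.loads() call builtins.len (benign stand-in for os.system), then shows the standard-library mitigation for the first sink, a pickle.Unpickler subclass whose find_class refuses every global, which still decodes the plain-data messages a scheduler would actually exchange. That restriction cannot be applied to dill.loads() of attacker-supplied function objects, since loading code is the whole point there; for that path the option must stay off on anything network-reachable, and in both cases the socket should bind to loopback or sit behind authentication rather than 0.0.0.0.

```python
import io
import pickle

# Constructed payload (not from SGLang): a protocol-0 opcode stream that tells
# the unpickler to import builtins.len and call it with ("abc",). The same
# opcode shape with os.system and a shell string is the classic pickle RCE,
# so any pickle.loads() on bytes received from the network is code execution.
CALLABLE_PAYLOAD = b"cbuiltins\nlen\n(S'abc'\ntR."

# Constructed example of the kind of message a scheduler legitimately exchanges:
# plain containers and scalars only, no class instances.
BENIGN_MESSAGE = pickle.dumps({"req_id": 7, "prompt": "hello", "max_tokens": 16})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup.

    Plain data (dict, list, tuple, str, bytes, int, float, bool, None) is
    rebuilt from container opcodes and never calls find_class, so a consumer
    that only ships such data loses nothing. Any stream that names a
    module-level callable (os.system, subprocess.Popen, builtins.eval, ...)
    is rejected before the callable is even resolved, let alone invoked.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global '{module}.{name}' is not allowed")


def restricted_loads(data: bytes):
    """Deserialize with RestrictedUnpickler; raises UnpicklingError on any global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unrestricted_loads(data: bytes):
    """The unsafe baseline: stock pickle.loads, which resolves and calls globals."""
    return pickle.loads(data)


def try_restricted(data: bytes):
    """Return the decoded object, or None if the restricted unpickler refused it."""
    try:
        return restricted_loads(data)
    except pickle.UnpicklingError:
        return None


if __name__ == "__main__":
    print("stock pickle.loads ran the embedded callable:", unrestricted_loads(CALLABLE_PAYLOAD))
    print("restricted unpickler on the same bytes:", try_restricted(CALLABLE_PAYLOAD))
    print("restricted unpickler on plain data:", try_restricted(BENIGN_MESSAGE))
```

If a legitimate message type does need a class instance, extend find_class with an explicit allowlist of (module, name) pairs instead of the blanket refusal; never fall back to the default lookup.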

Security Alerts May 17, 2026

CVE-2018-25320: Arbitrary code execution in Galvanize ACL Analytics

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can u...

Security Alerts May 17, 2026

CVE-2018-25332: Unauthenticated RCE in GitBucket

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload...

Security Alerts May 17, 2026

CVE-2018-25335: Arbitrary file upload in WordPress Peugeot Music plugin

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. ...

Security Alerts May 16, 2026

CVE-2020-37228: CAPTCHA bypass in iDS6 DSSPro Digital Signage System

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retri...

Security Alerts May 16, 2026

CVE-2021-47952: Remote code execution in Python jsonpickle (py/repr)

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. A...

Security Alerts May 16, 2026

CVE-2020-37239: Broken double-free detection in babl (libbabl)

libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_f...

Security Alerts May 15, 2026

CVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerability

Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be ex...

Security Alerts May 15, 2026

CVE-2026-5229: Authentication Bypass in WordPress Form Notify plugin

The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which Wo...

Security Alerts May 15, 2026

CVE-2026-8398: Supply chain attack trojanizing DAEMON Tools Lite installers

A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc be...

Security Alerts May 14, 2026

CVE-2025-11024: Blind SQL Injection in Akilli Commerce E-Commerce Website

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. Thi...

Security Alerts May 14, 2026

CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges ...

Security Alerts May 14, 2026

CVE-2026-2347: Authorization Bypass in Akilli Commerce E-Commerce Website

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: be...

Security Alerts May 14, 2026

CVE-2026-41615: Information Disclosure in Microsoft Authenticator

Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network....

Security Alerts May 14, 2026

CVE-2026-6271: Arbitrary File Upload RCE in WordPress Career Section plugin

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This ma...

Security Alerts May 14, 2026

CVE-2026-6510: Privilege Escalation in WordPress InfusedWoo Pro plugin

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capab...

Security Alerts May 14, 2026

CVE-2026-6512: Authorization Bypass in WordPress InfusedWoo Pro plugin

The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to...

Security Alerts May 14, 2026

CVE-2026-8181: Authentication bypass in WordPress Burst Statistics (plugin)

Authentication bypass in Burst Statistics WordPress plugin versions 3.4.0 to 3.4.1.1 due to incorrect return-value handling in is_mainwp_authenticated(). Unauthenticated attackers with knowledge of admin username can impersonate that administrator...

Security Alerts May 14, 2026

CVE-2026-8500: Command Injection (RCE) in Perl Web::Passwd

Web::Passwd versions through 0.03 for Perl are vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files. The user parameter is not validated or escaped...

Security Alerts May 14, 2026

CVE-2026-8511: Use-after-free in UI in Google Chrome (sandbox escape)

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)...

Security Alerts May 14, 2026

CVE-2026-8580: Use-after-free in Mojo in Google Chrome (sandbox escape)

Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)...

Security Alerts May 14, 2026

CVE-2026-8634: Environment variable exposure in Crabbox (secret leakage)

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens,...

Security Alerts May 13, 2026

CVE-2020-37168: Weak Cryptographic Implementation in Ecommerce Systempay

Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. At...

Security Alerts May 13, 2026

CVE-2025-11159: Remote Code Execution via JDBC in Hitachi Vantara Pentaho

Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data ...

Security Alerts May 13, 2026

CVE-2026-40621: Missing Authentication in ELECOM Wireless LAN Access Points

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication....

Security Alerts May 13, 2026

CVE-2026-32661: Stack-based buffer overflow in GUARDIANWALL MailSuite

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's ...

Security Alerts May 13, 2026

CVE-2026-41225: Arbitrary Command Execution in F5 BIG-IP iControl REST

Vulnerability in F5 BIG-IP iControl REST allows a highly privileged authenticated attacker with at least the Manager role to create configuration objects that enable running arbitrary commands...

Security Alerts May 13, 2026

CVE-2026-42062: OS Command Injection in ELECOM Wireless LAN Access Point

ELECOM wireless LAN access point devices contain an OS command injection in the processing of the username parameter. If a crafted request is processed, an arbitrary OS command may be executed. No authenticatio...

Security Alerts May 12, 2026

CVE-2025-40949: Unauthenticated RCE in Siemens RUGGEDCOM ROX

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX15...

Security Alerts May 12, 2026

CVE-2025-6577: SQL Injection in Akilli Commerce E-Commerce Website

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issu...

Security Alerts May 12, 2026

CVE-2026-22924: Resource Exhaustion DoS in Siemens SIMATIC CN 4100

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion ...

Security Alerts May 12, 2026

CVE-2026-25786: Stored XSS via PLC Name in Siemens SIMATIC Web Interface

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authoriz...

Security Alerts May 12, 2026

CVE-2026-25787: Stored XSS via Technology Object Name in Siemens SIMATIC

Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker wh...

Security Alerts May 12, 2026

CVE-2026-26083: Missing authorization in Fortinet FortiSandbox

A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, Forti...

Security Alerts May 12, 2026

CVE-2026-29204: Insufficient ownership checks in cPanel clientarea.php

Insufficient ownership checks in clientarea.php allow an authenticated client area user to submit requests using another user's addonId without any ownership validation leading to unauthorized acc...

Security Alerts May 12, 2026

CVE-2026-31230: Argument Injection in Adversarial Robustness Toolbox

The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the uns...

Security Alerts May 12, 2026

CVE-2026-33117: Improper authentication in Azure SDK allows security feature bypass

Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network....

Security Alerts May 12, 2026

CVE-2026-31242: Missing Authentication in mem0 Server (DELETE /memories)

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE re...

Security Alerts May 12, 2026

CVE-2026-34260: SQL Injection in SAP S/4HANA Enterprise Search for ABAP

SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The applicat...

Security Alerts May 12, 2026

CVE-2026-34263: Unauthenticated Code Injection in SAP Commerce Cloud

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code e...

Security Alerts May 12, 2026

CVE-2026-34659: Deserialization of Untrusted Data in Adobe Connect

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current u...

Security Alerts May 12, 2026

CVE-2026-40379: Sensitive Information Exposure in Azure Entra ID

Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network....

Security Alerts May 12, 2026

CVE-2026-34660: Incorrect Authorization in Adobe Connect

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An a...

Security Alerts May 12, 2026

CVE-2026-40402: Use-After-Free Privilege Escalation in Microsoft Windows Hyper-V

Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally....

Security Alerts May 12, 2026

CVE-2026-41089: Stack-based Buffer Overflow in Microsoft Windows Netlogon

Stack-based buffer overflow in Windows Netlogon allows an unauthorized (unauthenticated) attacker to execute code over a network...

Security Alerts May 12, 2026

CVE-2026-41096: Heap-based Buffer Overflow in Microsoft Windows DNS

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized (unauthenticated) attacker to execute code over a network; rated critical...

Security Alerts May 12, 2026

CVE-2026-41103: Privilege Escalation in Microsoft SSO Plugin for Jira & Confluence

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network...

Security Alerts May 12, 2026

CVE-2026-41551: Path Traversal in Siemens ROS#

Path traversal vulnerability in Siemens ROS# (versions prior to 2.2.2) allows a remote attacker to access arbitrary files due to insufficient sanitization of user input...

Security Alerts May 12, 2026

CVE-2026-42823: Improper Access Control in Azure Logic Apps

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network....

Security Alerts May 12, 2026

CVE-2026-42833: Execution with Unnecessary Privileges in Microsoft Dynamics 365

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network....

Security Alerts May 12, 2026

CVE-2026-42898: Code Injection in Microsoft Dynamics 365 (on-premises)

Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network....

Security Alerts May 12, 2026

CVE-2026-44277: Improper Access Control in Fortinet FortiAuthenticator

An improper access control vulnerability in Fortinet FortiAuthenticator versions 8.0.2, 8.0.0, 6.6.0-6.6.8 and 6.5.0-6.5.6 may allow an attacker to execute unauthorized code or commands....

Security Alerts May 12, 2026

CVE-2026-45185: Remotely Reachable Use-After-Free in Exim MTA

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CH...

Security Alerts May 12, 2026

CVE-2026-8043: File name external control in Ivanti Xtraction

External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web directory, leading to i...

Security Alerts May 11, 2026

CVE-2026-40636: Hard-coded Credentials in Dell ECS and ObjectScale

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain a hard-coded credentials vulnerability allowing unauthenticated local attackers to gain filesystem access...

Security Alerts May 11, 2026

CVE-2026-7813: Authorization bypass in pgAdmin Development Team pgAdmin 4

Authorization vulnerability in pgAdmin 4 server mode allows authenticated users to access other users' private servers, groups, and debugger arguments by guessing object IDs. Shared Servers feature also leaks credentials...

Security Alerts May 10, 2026

CVE-2021-47923: Session Fixation Vulnerability in OpenCart

OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID co...

Security Alerts May 10, 2026

CVE-2021-47932: Privilege Escalation in WordPress TheCartPress Plugin

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler....

Security Alerts May 10, 2026

CVE-2021-47933: Arbitrary File Upload in WordPress MStore API Plugin

WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers ...

Security Alerts May 10, 2026

CVE-2021-47936: Remote Code Execution via File Upload in OpenCATS

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Atta...

Security Alerts May 10, 2026

CVE-2021-47940: Arbitrary File Upload in WordPress Download From Files Plugin

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fil...

Security Alerts May 8, 2026

CVE-2026-25199: Tenant Isolation Bypass in Apache CloudStack Proxmox Extension

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmo...

Security Alerts May 8, 2026

CVE-2026-33109: Improper access control in Azure Managed Instance for Apache Cassandra

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network....

Security Alerts May 8, 2026

CVE-2026-33823: Improper authorization in Microsoft Teams allows information disclosure

Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network....

Security Alerts May 8, 2026

CVE-2026-35428: Command Injection in Azure Cloud Shell

Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network....

Security Alerts May 8, 2026

CVE-2026-33844: Improper Input Validation in Azure Managed Instance for Apache Cassandra

Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network....

Security Alerts May 8, 2026

CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the cre...

Security Alerts May 8, 2026

CVE-2026-42826: Sensitive Information Exposure in Azure DevOps

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network....

Security Alerts May 8, 2026

CVE-2026-8153: OS command injection in Universal Robots PolyScope

OS command injection in Dashboard Server interface in Universal Robots PolyScope prior to 5.21.1 allows unauthenticated attackers to execute arbitrary code on the robot's OS. No authentication required...

Security Alerts May 7, 2026

CVE-2026-33587: SSTI remote code execution in Lfnovo Open-Notebook

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SS...

Security Alerts May 7, 2026

CVE-2026-40982: Directory Traversal in VMware Spring Cloud Config

Directory traversal vulnerability in VMware Spring Cloud Config (versions 3.1.0-3.1.13 and 4.1.0-4.1.9) allows attackers with crafted URLs to access arbitrary files via the spring-cloud-config-server module...

Security Alerts May 7, 2026

CVE-2026-6508: Origin Validation Error in TUBITAK BILGEM Liderahenk

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2....

Security Alerts May 7, 2026

CVE-2026-6795: Open Redirect Vulnerability in DivvyDrive

URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2....

Security Alerts May 7, 2026

CVE-2026-5791: CSRF Vulnerability in DivvyDrive

Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2....

Security Alerts May 7, 2026

CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution....

Security Alerts May 7, 2026

CVE-2026-7414: Hardcoded Credentials in Yarbo Firmware

Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or re...

Security Alerts May 7, 2026

CVE-2026-7415: Unauthenticated MQTT access in Yarbo Firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 allows anonymous connections with no ACLs. Any host on the same network can subscribe to sensitive telemetry or publish control commands to the robot...

Security Alerts May 6, 2026

CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability

Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrar...

Security Alerts May 6, 2026

CVE-2026-5081: Insecure Session ID Generation in Perl Apache-Session

Apache::Session::Generate::ModUniqueId versions 1.54-1.94 for Perl generate insecure session IDs based on predictable server metadata, exposing sessions to forgery attacks....
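The two session bugs in this feed (the OpenCart OCSESSID fixation above and the predictable Apache::Session IDs here) share one fix: only honour session IDs the server itself minted from a CSPRNG, and rotate the ID when the session gains privilege. The following is an added example written for this page, not code from OpenCart or Apache::Session; the in-memory store, the planted cookie value and the user names are constructed for illustration.

```python
import secrets
from typing import Dict, Optional


class SessionStore:
    """In-memory session store; hardened=False reproduces the fixation bug."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        # sid -> logged-in user, or None for an anonymous session
        self.sessions: Dict[str, Optional[str]] = {}

    def _mint(self) -> str:
        # 32 bytes from the OS CSPRNG. Nothing here derives from pid, hostname,
        # request counters or timestamps, which is what makes IDs guessable.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def begin(self, cookie_sid: Optional[str]) -> str:
        """Called on every request; returns the sid the response should set."""
        if cookie_sid in self.sessions:
            return cookie_sid  # an id this server issued earlier
        if not self.hardened and cookie_sid:
            # Bug: adopt an unknown, client-supplied value as a live session.
            self.sessions[cookie_sid] = None
            return cookie_sid
        return self._mint()

    def login(self, sid: str, user: str) -> str:
        """Authenticate the session; the hardened store rotates the id here."""
        if sid not in self.sessions:
            raise KeyError("unknown session")
        if not self.hardened:
            self.sessions[sid] = user  # privilege attaches to the attacker-chosen id
            return sid
        del self.sessions[sid]          # old id is dead from this point on
        new_sid = self._mint()
        self.sessions[new_sid] = user
        return new_sid

    def user_for(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


def fixation_attack(store: SessionStore) -> Optional[str]:
    """Replay the attack: attacker plants a sid in the victim's browser, the
    victim logs in, the attacker then presents the same sid. Returns the user
    the attacker ends up logged in as (None means the attack failed)."""
    planted = "attacker-chosen-session-id"   # constructed; delivered via a cookie-setting flaw
    victim_sid = store.begin(planted)        # victim's browser sends the planted cookie
    store.login(victim_sid, "victim")
    return store.user_for(planted)


if __name__ == "__main__":
    print("vulnerable:", fixation_attack(SessionStore(hardened=False)))
    print("hardened:  ", fixation_attack(SessionStore(hardened=True)))
```

The hardened store never creates a session under a value it did not generate, so a planted cookie is simply replaced, and even a session that was anonymous before login gets a fresh id when it becomes authenticated.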

Security Alerts May 6, 2026

CVE-2026-28780: Heap-based buffer overflow in Apache HTTP Server mod_proxy_ajp

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_...

Security Alerts May 5, 2026

CVE-2023-54342: Remote Code Execution in Eclipse Equinox OSGi

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the ...

Security Alerts May 5, 2026

CVE-2023-54344: Remote Code Execution in Eclipse Equinox OSGi via Console

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. ...

Security Alerts May 5, 2026

CVE-2025-13618: Privilege Escalation in WordPress Mentoring Plugin

The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can regist...

Security Alerts May 5, 2026

CVE-2026-36356: OS Command Injection in MeiG Smart FORGE_SLT711

The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint....

Security Alerts May 5, 2026

CVE-2026-40797: Blind SQL Injection in Saleswonder LLC WebinarIgnition Plugin

Blind SQL Injection vulnerability in Saleswonder LLC WebinarIgnition WordPress plugin (versions up to 4.08.253) allows unauthenticated attackers to extract sensitive database information...

Security Alerts May 5, 2026

CVE-2026-5294: Missing Authorization RCE in WordPress Geeky Bot Plugin

The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. Unauthenticated attackers can install arbitrary plugins and achieve remote code execution....

Security Alerts May 5, 2026

CVE-2026-7411: Path Traversal RCE in Eclipse BaSyx Java Server SDK

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal atta...

Security Alerts May 5, 2026

CVE-2026-5722: Authentication Bypass in WordPress MoreConvert Pro plugin

The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest waitlist verification flow not invalidating or re...

Security Alerts May 5, 2026

CVE-2026-7834: Stack buffer overflow in EFM Networks ipTIME NAS1dual

Stack-based buffer overflow in EFM Networks ipTIME NAS1dual 1.5.24 via the get_csrf_whites function in /cgi/advanced/misc_main.cgi allows remote code execution. Exploit publicly disclosed; vendor did not respond...

Security Alerts May 5, 2026

CVE-2026-7823: OS command injection in Totolink A8000RU

OS command injection in Totolink A8000RU 7.1cu.643_b20200521 via the setAppFilterCfg function in /cgi-bin/cstecgi.cgi. The manipulation of the enable argument allows remote code execution. Public exploit available...

Security Alerts May 5, 2026

CVE-2026-7853: Buffer overflow in D-Link DI-8100

Buffer overflow in D-Link DI-8100 16.07.26A1 via the sprintf function in /auto_reboot.asp HTTP Handler. Manipulation of the enable/time argument causes buffer overflow exploitable remotely. Public exploit available...

Security Alerts May 5, 2026

CVE-2026-7854: Buffer overflow in D-Link DI-8100 POST Parameter Handler

Buffer overflow in D-Link DI-8100 16.07.26A1 via the url_rule_asp function in /url_rule.asp POST Parameter Handler. Remote exploitation possible. Exploit publicly disclosed...

Security Alerts May 4, 2026

CVE-2025-14320: Reflected XSS in Tegsoft Online Support Application

A Reflected XSS vulnerability has been identified in Tegsoft Online Support Application, caused by improper neutralization of input during web page generation...

Security Alerts May 4, 2026

CVE-2026-42364: OS command injection in GeoVision LPC2011/LPC2211

An OS command injection vulnerability has been identified in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211. A specially crafted DDNS configuration allows arbitrary command execution...

Security Alerts May 4, 2026

CVE-2026-42368: Privilege escalation in GeoVision LPC2011/LPC2211

A privilege escalation vulnerability has been identified in the Web Interface of GeoVision LPC2011/LPC2211 devices. A specially crafted HTTP request enables execution of privileged operations...

Security Alerts May 4, 2026

CVE-2026-25293: Buffer overflow in Qualcomm PLC Firmware

A buffer overflow caused by incorrect authorization in Qualcomm PLC firmware allows an attacker on an adjacent network to impact device confidentiality, integrity and availability...

Security Alerts May 4, 2026

CVE-2026-42369: Remote interface exposure in GeoVision GV-VMS V20

GV-VMS V20 is a video monitoring application. Enabling the "WebCam Server" feature exposes a native server compiled without ASLR, significantly easing exploitation and amplifying the risk of remote attack...

Security Alerts May 4, 2026

CVE-2026-42370: Stack overflow in GeoVision GV-VMS V20 WebCam Server Login

A stack overflow vulnerability has been identified in the WebCam Server Login functionality of GeoVision GV-VMS V20. A specially crafted, unauthenticated HTTP request can lead to remote code execution...

Security Alerts May 4, 2026

CVE-2026-42373: Hardcoded telnet backdoor in D-Link DIR-605L (rev. B2, EOL)

D-Link DIR-605L router (rev. B2, End-of-Life) contains a hardcoded telnet backdoor with credentials Alphanetworks/wrgn76_dlwbr_dir605L, granting unauthenticated attackers on the local network root shell access...

Security Alerts May 4, 2026

CVE-2026-42374: Hardcoded telnet backdoor in D-Link DIR-600L (rev. B1, EOL)

D-Link DIR-600L router (rev. B1, End-of-Life) contains a hardcoded telnet backdoor with credentials Alphanetworks/wrgn61_dlwbr_dir600L, granting unauthenticated attackers on the local network root shell access...

Security Alerts May 4, 2026

CVE-2026-42376: Hardcoded telnet backdoor in D-Link DIR-456U

The D-Link DIR-456U Hardware Revision A1 (End-of-Life) router contains an embedded telnet backdoor with a static password. An unauthenticated attacker on the local network can obtain root privileges...

Security Alerts May 4, 2026

CVE-2026-42375: Hardcoded telnet backdoor in D-Link DIR-600L (rev. A1, EOL)

D-Link DIR-600L router (rev. A1, End-of-Life) contains a hardcoded telnet backdoor with credentials Alphanetworks/wrgn35_dlwbr_dir600l, granting unauthenticated attackers on the local network root shell access...

Security Alerts May 4, 2026

CVE-2026-42796: Unauthenticated RCE in Arelle (/rest/configure)

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure endpoint - the plugins parameter is forwarded to the plugin manager without authorization, allowing remote code execution...

Security Alerts May 4, 2026

CVE-2026-42809: Privilege escalation in Apache Polaris via vended storage credentials

Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated, allowing an attacker to direct the scope of those credentials to a target of their choice...

Security Alerts May 4, 2026

CVE-2026-42810: Wildcard injection in Apache Polaris (S3 IAM)

Apache Polaris accepts literal * characters in namespace and table names. Those characters are reused unescaped in S3 IAM policies, allowing an attacker to broaden the scope of temporary credentials to other tables...
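The mechanism here is string interpolation of user-controlled names into an IAM Resource ARN. The following added example (not Polaris code; the bucket name, identifier rule and policy layout are assumptions) builds a per-table policy the way the entry describes, shows with a small approximation of IAM glob matching how a '*' in a table or namespace name widens the grant, and shows the only workable fix: IAM has no escape sequence for '*' or '?' in a Resource ARN, so such names must be refused before they reach the policy (or replaced by generated, opaque path segments).

```python
import re
from typing import Dict

BUCKET = "example-lakehouse"                          # assumed bucket name
SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_.-]{1,128}")   # assumed identifier rule


def vended_policy(namespace: str, table: str) -> Dict:
    """Per-table policy built by interpolating the names into the Resource ARN.

    This is the bug pattern: a '*' or '?' inside either name is read by IAM as a
    wildcard, not as a literal character of the object key.
    """
    prefix = f"{namespace}/{table}/"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": [f"arn:aws:s3:::{BUCKET}/{prefix}*"],
        }],
    }


def scoped_policy(namespace: str, table: str) -> Dict:
    """Same policy, but every name segment is validated first."""
    for part in (namespace, table):
        if not SAFE_SEGMENT.fullmatch(part):
            raise ValueError(f"name not allowed in a policy: {part!r}")
    return vended_policy(namespace, table)


def _glob_to_regex(pattern: str) -> str:
    # IAM resource matching: '*' is any run of characters, '?' is one character.
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)


def policy_grants(policy: Dict, object_arn: str) -> bool:
    """Approximates IAM evaluation for Allow statements only (no Deny, no conditions)."""
    return any(
        re.fullmatch(_glob_to_regex(resource), object_arn) is not None
        for statement in policy["Statement"]
        if statement["Effect"] == "Allow"
        for resource in statement["Resource"]
    )


def is_rejected(namespace: str, table: str) -> bool:
    try:
        scoped_policy(namespace, table)
    except ValueError:
        return True
    return False


# Constructed object keys: one in the caller's table, one in another tenant's table.
OWN_OBJECT = f"arn:aws:s3:::{BUCKET}/sales/orders/data/part-00000.parquet"
OTHER_OBJECT = f"arn:aws:s3:::{BUCKET}/hr/payroll/data/part-00000.parquet"

if __name__ == "__main__":
    print("honest name, other table:", policy_grants(vended_policy("sales", "orders"), OTHER_OBJECT))
    print("table '*', other table:  ", policy_grants(vended_policy("hr", "*"), OTHER_OBJECT))
    print("both '*', other table:   ", policy_grants(vended_policy("*", "*"), OTHER_OBJECT))
    print("validated:               ", is_rejected("hr", "*"))
```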

Security Alerts May 4, 2026

CVE-2026-42811: GCS credential scope bypass in Apache Polaris

Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the whole configured bucket...

Security Alerts May 4, 2026

CVE-2026-42812: Metadata validation bypass in Apache Polaris (Iceberg)

In Apache Iceberg, table metadata files are control files - they tell readers which data files belong to the table and which version to read. Changing write.metadata.path via ALTER TABLE bypasses Polaris-side validation...

Security Alerts May 4, 2026

CVE-2026-7161: Credential leak in GeoVision GV-IP Device Utility

GeoVision GV-IP Device Utility uses insufficient encryption in its Device Authentication functionality. Listening to broadcast packets can lead to leakage of device credentials...

Security Alerts May 4, 2026

CVE-2026-7372: Stack overflow in GeoVision GV-VMS V20 (sscanf)

A stack overflow vulnerability has been identified in the WebCam Server Login functionality of GeoVision GV-VMS V20, caused by an unconstrained sscanf call when splitting the buffer into username and password...

Security Alerts May 4, 2026

CVE-2026-7719: Buffer overflow in Totolink WA300

A buffer overflow has been identified in the loginauth function of /cgi-bin/cstecgi.cgi on Totolink WA300 routers. Manipulation of the http_host argument enables a remote attack...

Security Alerts May 4, 2026

CVE-2026-7482: Heap out-of-bounds read in Ollama (GGUF loader)

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in its GGUF model loader. A crafted GGUF file submitted to /api/create can leak server memory, including API keys and system prompts...

Security Alerts May 4, 2026

CVE-2026-7747: Buffer overflow in Totolink N300RH

A buffer overflow has been identified in the loginauth function of /cgi-bin/cstecgi.cgi on Totolink N300RH routers. Manipulation of the Password argument enables a remote attack...

Security Alerts May 2, 2026

CVE-2026-4882: Arbitrary file upload in WordPress User Registration Advanced Fields

The User Registration Advanced Fields plugin for WordPress (versions up to and including 1.6.20) allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution on the server...

Security Alerts May 2, 2026

CVE-2026-7458: Authentication bypass in WordPress User Verification by PickPlugins

The User Verification by PickPlugins plugin for WordPress (versions up to and including 2.0.46) allows unauthenticated attackers to log in as any user with a verified email by submitting an OTP value of "true"...

Security Alerts May 1, 2026

CVE-2026-37531: Zip Slip and TOCTOU in Automotive Grade Linux app-framework-main

AGL app-framework-main through 17.1.12 contains a Zip Slip path traversal (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow, allowing files to escape the intended directory.
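Zip Slip is the archive form of the path traversal that several entries above describe (Siemens ROS#, Spring Cloud Config, Eclipse BaSyx): a member name such as '../../etc/cron.d/x' is joined onto the destination without normalisation. The following added example (written for this page, not AGL's installer) shows an extractor that normalises and bounds every member name before any I/O, and narrows the TOCTOU half of the bug by extracting into a freshly created 0700 directory and opening each output with O_EXCL | O_NOFOLLOW, so a symlink planted at the final path component makes the write fail instead of following it. The sample archive and the '/srv/widgets/install' path are constructed for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path
from typing import List, Optional, Tuple


def safe_member_path(dest: Path, member_name: str) -> Optional[Path]:
    """Map an archive member name onto dest, or return None if it would escape.

    The name is normalised as a string (os.path.normpath) before it is joined and
    resolved, so 'widget/../../x' is rejected without any filesystem access.
    Absolute names and Windows drive prefixes are refused outright.
    """
    name = member_name.replace("\\", "/")
    if name.startswith("/") or os.path.splitdrive(name)[0]:
        return None
    base = dest.resolve(strict=False)
    candidate = (base / os.path.normpath(name)).resolve(strict=False)
    if candidate == base:          # '' or '.' would mean "the directory itself"
        return None
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def escapes(member_name: str, dest: str = "/srv/widgets/install") -> bool:
    """Pure path check: would member_name land outside dest? (dest is an assumed path)"""
    return safe_member_path(Path(dest), member_name) is None


def extract_zip(archive: bytes, dest: Path) -> Tuple[List[str], List[str]]:
    """Extract into dest, refusing members that would land outside it.

    Returns (written, rejected) member names. The path check alone still leaves
    a race if another principal can swap a directory for a symlink between the
    check and the write; extract_to_new_dir narrows that with a private
    destination, and the O_EXCL | O_NOFOLLOW open refuses to follow a symlink
    at the final component or to overwrite an existing file.
    """
    written: List[str] = []
    rejected: List[str] = []
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = safe_member_path(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            # Every member is written as a regular file, so symlink entries in
            # the archive never become real symlinks on disk.
            fd = os.open(target, flags, 0o600)
            with os.fdopen(fd, "wb") as out:
                out.write(zf.read(info))
            written.append(info.filename)
    return written, rejected


def extract_to_new_dir(archive: bytes, parent: Path) -> Tuple[Path, List[str], List[str]]:
    """mkdtemp creates the destination with mode 0o700, so only this user can
    plant anything inside it while extraction is in progress."""
    dest = Path(tempfile.mkdtemp(prefix="widget-", dir=str(parent)))
    written, rejected = extract_zip(archive, dest)
    return dest, written, rejected


def build_sample_archive() -> bytes:
    """Constructed sample: two benign members and three that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("widget/config.xml", b"<widget/>")
        zf.writestr("widget/icons/../icon.png", b"\x89PNG")       # normalises to widget/icon.png
        zf.writestr("../../etc/cron.d/evil", b"* * * * * root /tmp/x")
        zf.writestr("/etc/passwd", b"root::0:0::/:/bin/sh")
        zf.writestr("widget/../../outside.txt", b"escaped")
    return buf.getvalue()


def demo() -> Tuple[List[str], List[str]]:
    """Run the sample archive through the extractor in a throwaway directory."""
    with tempfile.TemporaryDirectory() as parent:
        _dest, written, rejected = extract_to_new_dir(build_sample_archive(), Path(parent))
    return written, rejected


if __name__ == "__main__":
    print(demo())
```

The check is deliberately done on the normalised string and then confirmed on the resolved path, so both the textual '..' trick and a pre-existing symlink inside the destination are caught; the private directory and O_NOFOLLOW cover the case where the symlink appears after the check.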

Security Alerts May 1, 2026

CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation....

Security Alerts May 1, 2026

CVE-2026-37539: Buffer overflow in cannelloni CAN frame parser

Buffer overflow in cannelloni v2.0.0 CAN frame parsing (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp) allows remote attackers to cause denial of service or possibly execute arbitrary code via crafted CAN FD frames.

Security Alerts May 1, 2026

CVE-2026-37541: Buffer overflow in Open Vehicle Monitoring System 3 (OVMS3)

Buffer overflow in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause denial of service or possibly execute arbitrary code via crafted GVRET frames.

Security Alerts May 1, 2026

CVE-2026-42482: Stack buffer overflow in hashcat mangle_to_hex

A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause denial of service or possibly execute arbitrary code via a crafted rule file or long password candidates.

Security Alerts May 1, 2026

CVE-2026-42484: Heap buffer overflow in hashcat PKZIP hash parser

A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause denial of service or possibly execute arbitrary code via a crafted PKZIP hash file.

Security Alerts May 1, 2026

CVE-2026-42483: Heap buffer overflow in hashcat Kerberos hash parser

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause denial of service or possibly execute arbitrary code via a crafted Kerberos hash file.

Security Alerts May 1, 2026

CVE-2026-42778: Incomplete deserialization fix in Apache MINA (2.1.X/2.2.X branches)

The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches of Apache MINA. The classname allowlist in AbstractIoBuffer.getObject() was applied too late - a static initializer in the class to be read might already have executed.

Security Alerts May 1, 2026

CVE-2026-42779: Deserialization allowlist bypass in Apache MINA (2.1.X/2.2.X)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. AbstractIoBuffer.resolveClass() in Apache MINA contains two branches; one (for static classes/primitive types) does not check the class at all, bypassing the allowlist.

Security Alerts May 1, 2026

CVE-2026-7538: OS command injection in Totolink A8000RU

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 affecting /cgi-bin/cstecgi.cgi (CGI Handler). Manipulating the proto argument leads to remote OS command injection...

Security Alerts May 1, 2026

CVE-2026-7546: Stack buffer overflow in Totolink NR1800X

A stack-based buffer overflow exists in the find_host_ip function of the lighttpd component on Totolink NR1800X routers. Manipulation of the Host header enables a remote attack...

Security Alerts May 1, 2026

CVE-2026-7567: Authentication bypass in WordPress Temporary Login plugin

The Temporary Login plugin for WordPress (versions up to and including 1.0.0) contains an authentication bypass in the maybe_login_temporary_user() function. Passing an array instead of a string in the GET parameter lets an attacker log in as an arbitrary user, typically an administrator...

Security Alerts Apr 29, 2026

CVE-2018-25316: Authentication bypass in Tenda W308R router

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings and redirect user traffic to malicious sites.

Security Alerts Apr 29, 2026

CVE-2018-25317: Authentication bypass in Tenda W3002R/A302/W309R routers

Tenda W3002R/A302/W309R wireless routers running V5.07.64_en contain a cookie session weakness allowing unauthenticated attackers to alter DNS servers and redirect user traffic.

Security Alerts Apr 29, 2026

CVE-2018-25318: Authentication bypass in Tenda FH303/A300 routers

Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings and redirect user traffic to malicious sites.

Security Alerts Apr 29, 2026

CVE-2026-36841: Command injection in TOTOLINK N200RE V5

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.

Security Alerts Apr 29, 2026

CVE-2026-41446: Hidden diagnostic endpoints in Snap One WattBox 800/820

Snap One WattBox 800 and 820 firmware before 2.10.0.0 exposes hidden HTTP diagnostic endpoints that authenticate using only the device MAC address and service tag - both printed in plaintext on the device label.

Security Alerts Apr 29, 2026

CVE-2026-41940: Authentication bypass in cPanel & WHM login flow

cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and 11.136.0.5 contain an authentication bypass vulnerability in the login flow allowing unauthenticated remote attackers to access the control panel.

Security Alerts Apr 29, 2026

CVE-2026-42523: Stored XSS in Jenkins GitHub Plugin

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL inside JavaScript validating the 'GitHub hook trigger for GITScm polling' feature, resulting in a stored XSS exploitable by users with Overall/Read.

Security Alerts Apr 29, 2026

CVE-2026-5166: Path Traversal in TUBITAK BILGEM Pardus Software Center

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in TUBITAK BILGEM Pardus Software Center allows path traversal. Affects Pardus Software Center before 1.0.3.

Security Alerts Apr 29, 2026

CVE-2026-7333: Use-after-free in Google Chrome GPU component

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page (Chromium severity: High).

Security Alerts Apr 29, 2026

CVE-2026-7343: Use-after-free in Google Chrome on Windows (Views component)

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page (Chromium severity: Critical).

Security Alerts Apr 28, 2026

CVE-2024-1708: 2024 Vulnerability Now Actively Exploited (ConnectWise)

ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems....

Security Alerts Apr 28, 2026

CVE-2026-32644: Default SSL private keys in Milesight AIOT cameras

Specific firmware versions of Milesight AIOT cameras use SSL certificates with shared default private keys, enabling man-in-the-middle attacks against camera traffic...

Security Alerts Apr 28, 2026

CVE-2026-40976: Spring Boot default web security ineffective, allows unauthorized access

Under specific conditions Spring Boot 4.0.0-4.0.5 default web security is ineffective and allows unauthorized access to all endpoints in servlet web applications relying on the default filter chain...

Security Alerts Apr 28, 2026

CVE-2026-7202: OS command injection in Totolink A8000RU (setWiFiWpsStart)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiWpsStart function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wscDisabled argument - the exploit has been disclosed...

Security Alerts Apr 28, 2026

CVE-2026-7203: OS command injection in Totolink A8000RU (setUrlFilterRules)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enable argument - the exploit has been made public...

Security Alerts Apr 28, 2026

CVE-2026-7204: OS command injection in Totolink A8000RU (setPptpServerCfg)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setPptpServerCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enable argument - the exploit has been disclosed...

Security Alerts Apr 28, 2026

CVE-2026-7240: OS command injection in Totolink A8000RU (setVpnAccountCfg)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setVpnAccountCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the User argument - the exploit has been disclosed...

Security Alerts Apr 28, 2026

CVE-2026-7241: OS command injection in Totolink A8000RU (setWiFiBasicCfg)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wifiOff argument - the exploit has been made public...

Security Alerts Apr 28, 2026

CVE-2026-7243: OS command injection in Totolink A8000RU (setRadvdCfg)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setRadvdCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the maxRtrAdvInterval argument - the exploit is publicly available...

Security Alerts Apr 28, 2026

CVE-2026-7242: OS command injection in Totolink A8000RU (setOpenVpnClientCfg)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setOpenVpnClientCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enabled argument - the exploit has been disclosed...

Security Alerts Apr 28, 2026

CVE-2026-7244: OS command injection in Totolink A8000RU (setWiFiEasyGuestCfg)

A security flaw in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiEasyGuestCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the merge argument - the exploit has been released...

Security Alerts Apr 28, 2026

CVE-2026-7248: Buffer overflow in D-Link DI-8100 CGI tgfile.htm endpoint

A vulnerability in D-Link DI-8100 16.07.26A1 affects the tgfile_htm function in the tgfile.htm CGI endpoint. Manipulating the fn argument causes a remotely exploitable buffer overflow with a public exploit available.

Security Alerts Apr 28, 2026

CVE-2026-7321: Sandbox escape in Mozilla Firefox ESR via WebRTC Networking

Sandbox escape in Mozilla Firefox ESR caused by incorrect boundary conditions in the WebRTC: Networking component. The vulnerability was fixed in Firefox ESR 140.10.1.

Security Alerts Apr 27, 2026

CVE-2026-22336: SQL injection in WordPress Directorist Booking plugin

The WordPress Directorist Booking plugin before 3.0.2 is vulnerable to SQL injection due to improper neutralization of special elements used in an SQL command...

Security Alerts Apr 27, 2026

CVE-2026-22337: Privilege escalation in Directorist Social Login plugin

The Directorist Social Login plugin before 2.1.4 contains an Incorrect Privilege Assignment flaw that allows an attacker to escalate privileges in WordPress...

Security Alerts Apr 27, 2026

CVE-2026-30352: RCE in /devserver/start endpoint of leonvanzyl/autocoder

The /devserver/start endpoint of leonvanzyl autocoder (commit 79d02a) allows remote attackers to execute arbitrary code via a crafted command parameter...

Security Alerts Apr 27, 2026

CVE-2026-33453: Header injection in Apache Camel camel-coap leads to RCE

Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers...

Security Alerts Apr 27, 2026

CVE-2026-33454: Header injection in Apache Camel camel-mail

Apache Camel's camel-mail component filters headers only on the 'out' direction, missing the 'in' direction - this allows control headers to be injected via inbound mail...

Security Alerts Apr 27, 2026

CVE-2026-40453: Incomplete header filter fix in Apache Camel

The fix for CVE-2025-27636 was not applied to five non-HTTP HeaderFilterStrategy implementations in camel-jms, camel-sjms, camel-coap and camel-google-pubsub, allowing case-variant header bypass...
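The two Camel entries describe the same filter failing in two ways: it is consulted in only one direction, and it compares header names with exact case while the header map itself is looked up case-insensitively, so 'cAmElFoo' slips past a filter for 'CamelFoo' and is still found by the consumer of 'CamelFoo'. The following added example (illustrative, not Camel's HeaderFilterStrategy; the prefix list and the toy route are assumptions, and only the camel-exec header name CamelExecCommandExecutable is borrowed from Camel's naming) reproduces both gaps and the hardened form.

```python
from typing import Callable, Dict, Optional

# Prefixes of control headers that must never arrive from outside the route.
# Modelled on Camel's "Camel*" / "org.apache.camel.*" convention; assumed list.
CONTROL_PREFIXES = ("Camel", "org.apache.camel")

Headers = Dict[str, str]


class VulnerableFilter:
    """Reproduces both gaps: exact-case prefix match, outbound direction only."""

    def filter_in(self, headers: Headers) -> Headers:
        return dict(headers)                      # inbound direction is not filtered

    def filter_out(self, headers: Headers) -> Headers:
        return {k: v for k, v in headers.items() if not k.startswith(CONTROL_PREFIXES)}


class HardenedFilter:
    """Case-insensitive prefix match, applied identically in both directions."""

    _prefixes = tuple(p.lower() for p in CONTROL_PREFIXES)

    def _allowed(self, name: str) -> bool:
        return not name.lower().startswith(self._prefixes)

    def filter_in(self, headers: Headers) -> Headers:
        return {k: v for k, v in headers.items() if self._allowed(k)}

    filter_out = filter_in


def header(headers: Headers, name: str) -> Optional[str]:
    """Case-insensitive lookup, as Camel's header map does. This is why a
    case-variant header still reaches the code that asks for the real name."""
    wanted = name.lower()
    return next((v for k, v in headers.items() if k.lower() == wanted), None)


def exec_producer(headers: Headers, configured: str = "/usr/bin/true") -> str:
    """Toy stand-in for a header-sensitive producer: the executable comes from
    a control header when present, otherwise from route configuration."""
    return header(headers, "CamelExecCommandExecutable") or configured


def route(filter_strategy, inbound: Headers) -> str:
    """consumer -> filter_in -> producer; returns what the producer would execute."""
    message_headers = filter_strategy.filter_in(inbound)
    return exec_producer(message_headers)


# Constructed inbound headers, e.g. from a mail or CoAP consumer.
INBOUND: Headers = {
    "Content-Type": "text/plain",
    "cAmElExecCommandExecutable": "/bin/sh",
}

if __name__ == "__main__":
    print("vulnerable route runs:", route(VulnerableFilter(), INBOUND))
    print("hardened route runs:  ", route(HardenedFilter(), INBOUND))
```

Note that the fix is not "lower-case the deny-list": it is matching on a case-folded name, in every direction the message crosses a trust boundary, with the same strategy for every component.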

Security Alerts Apr 27, 2026

CVE-2026-40860: Unsafe JMS ObjectMessage deserialization in Apache Camel

JmsBinding classes in camel-jms and camel-sjms deserialize JMS ObjectMessage without any ObjectInputFilter or class allowlist, allowing an attacker to achieve remote code execution via a crafted JMS message...

Security Alerts Apr 27, 2026

CVE-2026-41409: Incomplete deserialization fix in Apache MINA

The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete - the classname allowlist was applied too late, after a static initializer could already have run, allowing remote code execution...

Security Alerts Apr 27, 2026

CVE-2026-41462: Unauthenticated SQL injection in ProjeQtor

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization...

Security Alerts Apr 27, 2026

CVE-2026-41635: Class allowlist bypass in Apache MINA

Apache MINA's AbstractIoBuffer.resolveClass() contains two branches - one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code execution...

Security Alerts Apr 27, 2026

CVE-2026-42363: Insufficient encryption in GeoVision GV-IP Device Utility

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5 - listening to broadcast packets can lead to credentials leak...

Security Alerts Apr 27, 2026

CVE-2026-7121: OS command injection in Totolink A8000RU (setWizardCfg)

A flaw in Totolink A8000RU 7.1cu.643_b20200521 in the setWizardCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wizard argument - the exploit has been published...

Security Alerts Apr 27, 2026

CVE-2026-7122: OS command injection in Totolink A8000RU (setUPnPCfg)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setUPnPCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enable argument - the exploit has been disclosed...

Security Alerts Apr 27, 2026

CVE-2026-7136: OS command injection in Totolink A8000RU (setDmzCfg)

A weakness in Totolink A8000RU 7.1cu.643_b20200521 in the setDmzCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wanIdx argument - the exploit has been made public...

Security Alerts Apr 27, 2026

CVE-2026-7140: OS command injection in Totolink A8000RU (CsteSystem)

A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the CsteSystem function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the HTTP argument - the exploit has been disclosed...

Security Alerts Apr 27, 2026

CVE-2026-7139: OS command injection in Totolink A8000RU (setWiFiAclRules)

A flaw in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiAclRules function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the mode argument - the exploit has been published...

Security Alerts Apr 26, 2026

CVE-2026-7037: OS command injection in Totolink A8000RU router - public exploit

Totolink A8000RU 7.1cu.643_b20200521 contains an OS command injection in the setVpnPassCfg function of /cgi-bin/cstecgi.cgi - a public exploit is available...

Security Alerts Apr 25, 2026

CVE-2026-6951: RCE in npm simple-git via incomplete fix bypass

simple-git versions before 3.36.0 are vulnerable to remote code execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks -c but not the equivalent --config form...

Security Alerts Apr 24, 2026

CVE-2024-57726: 2024 Vulnerability Now Actively Exploited (SimpleHelp)

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges t...

Security Alerts Apr 24, 2026

CVE-2024-57728: 2024 Vulnerability Now Actively Exploited (SimpleHelp)

SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited ...

Security Alerts Apr 24, 2026

CVE-2024-7399: 2024 Vulnerability Now Actively Exploited (Samsung)

Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority....

Security Alerts Apr 24, 2026

CVE-2026-1949: Stack buffer overflow in Delta Electronics AS320T (GET/PUT handler)

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service, leading to a stack buffer overflow...

Security Alerts Apr 24, 2026

CVE-2026-1950: Buffer overflow in Delta Electronics AS320T (file name length)

Delta Electronics AS320T has no checking of the length of the buffer with the file name, which leads to a buffer overflow...

Security Alerts Apr 24, 2026

CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via t...

Security Alerts Apr 24, 2026

CVE-2026-1951: Buffer overflow in Delta Electronics AS320T (directory name length)

Delta Electronics AS320T has no checking of the length of the buffer with the directory name, leading to a buffer overflow...

Security Alerts Apr 24, 2026

CVE-2026-1952: Denial of service in Delta Electronics AS320T

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability...

Security Alerts Apr 24, 2026

CVE-2026-21515: Privilege escalation in Microsoft Azure IoT Central

Azure IoT Central exposes sensitive information to an unauthorized actor, allowing an authorized attacker to elevate privileges over a network...

Security Alerts Apr 24, 2026

CVE-2026-24303: Privilege escalation in Microsoft Partner Center via improper access control

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network...

Security Alerts Apr 24, 2026

CVE-2026-25775: Unauthenticated firmware update in SenseLive X3050

SenseLive X3050's remote management service allows firmware retrieval and update operations without authentication or authorization, enabling full device takeover...

Security Alerts Apr 24, 2026

CVE-2026-27843: Persistent device lockout in SenseLive X3050 via web management flaw

SenseLive X3050's web management interface lets an attacker modify critical configuration parameters without sufficient authentication, leading to a persistent device lockout...

Security Alerts Apr 24, 2026

CVE-2026-32210: SSRF in Microsoft Dynamics 365 (Online)

Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network...

Security Alerts Apr 24, 2026

CVE-2026-33819: Deserialization of untrusted data in Microsoft Bing - RCE

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network...

Security Alerts Apr 24, 2026

CVE-2026-26210: Unsafe pickle deserialization in KTransformers

KTransformers through 0.5.3 contains an unsafe deserialization flaw in balance_serve mode that lets an attacker run arbitrary code by sending a crafted pickle payload to the exposed ZMQ socket...

Security Alerts Apr 24, 2026

CVE-2026-33102: Open redirect in Microsoft M365 Copilot

URL redirection to an untrusted site (open redirect) in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...

Security Alerts Apr 24, 2026

CVE-2026-35503: Client-side authentication bypass in SenseLive X3050

SenseLive X3050's web interface performs authentication entirely on the client side - an attacker reading the login page scripts can obtain administrative access...

Security Alerts Apr 24, 2026

CVE-2026-35431: SSRF in Microsoft Entra ID Entitlement Management

Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

Security Alerts Apr 24, 2026

CVE-2026-39920: Default credentials in BridgeHead FileStore lead to RCE

BridgeHead FileStore versions prior to 24A expose the Apache Axis2 administration module with default credentials, allowing remote attackers to execute arbitrary OS commands...

Security Alerts Apr 24, 2026

CVE-2026-40620: Unauthenticated management service in SenseLive X3050

SenseLive X3050's embedded management service allows full administrative takeover without authentication - any host on the network can modify configuration and operating mode...

Security Alerts Apr 24, 2026

CVE-2026-40630: Access control bypass in SenseLive X3050 web interface

SenseLive X3050's web management interface allows unauthorized access to certain configuration endpoints due to improper access control - an attacker can bypass the intended authentication...

Security Alerts Apr 23, 2026

CVE-2026-23751: Unauthenticated .NET Remoting access in Kofax Capture / Tungsten Capture

Kofax Capture (now Tungsten Capture) version 6.0.0.0 exposes a deprecated .NET Remoting HTTP channel on port 2424 accessible without authentication, allowing arbitrary file read and write...

Security Alerts Apr 23, 2026

CVE-2026-29198: NoSQL injection and account takeover in Rocket.Chat

A NoSQL injection in Rocket.Chat (<8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, <7.10.9) can lead to account takeover of the first user with a generated token when an OAuth app is configured...

Security Alerts Apr 23, 2026

CVE-2026-31175: Command injection in TOTOLINK A3300R via stunEnable parameter

TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunEnable parameter in the /cgi-bin/cstecgi.cgi endpoint...

Security Alerts Apr 23, 2026

CVE-2026-31177: Command injection in TOTOLINK A3300R via stunMinAlive parameter

TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunMinAlive parameter in the /cgi-bin/cstecgi.cgi endpoint...

Security Alerts Apr 23, 2026

CVE-2026-31181: Command injection in TOTOLINK A3300R via stunServerAddr parameter

TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunServerAddr parameter in the /cgi-bin/cstecgi.cgi endpoint...

Security Alerts Apr 23, 2026

CVE-2026-3844: Arbitrary file upload in Breeze Cache plugin for WordPress

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_gravatar_from_remote function, which may enable remote code execution...

Security Alerts Apr 23, 2026

CVE-2026-31178: Command injection in TOTOLINK A3300R via stunMaxAlive parameter

TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunMaxAlive parameter in the /cgi-bin/cstecgi.cgi endpoint...

Security Alerts Apr 23, 2026

CVE-2026-39440: Code injection leading to RCE in FunnelFormsPro

Funnelforms LLC FunnelFormsPro contains an Improper Control of Generation of Code (Code Injection) vulnerability that allows Remote Code Inclusion in versions up to 3.8.1...

Security Alerts Apr 23, 2026

CVE-2026-39087: Remote code execution (RCE) in Ntfy (ntfy.sh)

A vulnerability in Ntfy ntfy.sh before v2.21 allows a remote attacker to execute arbitrary code via the parseActions function. The flaw enables full takeover of the notification server...

Security Alerts Apr 23, 2026

CVE-2026-40470: Critical XSS in hackage-server (hackage.haskell.org)

A critical XSS vulnerability affected hackage-server and hackage.haskell.org - HTML and JavaScript files in source packages were served as-is on the main domain, enabling session hijacking...

Security Alerts Apr 23, 2026

CVE-2026-39987: Marimo Remote Code Execution Vulnerability

Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands....

Security Alerts Apr 23, 2026

CVE-2026-40471: Missing CSRF protection in hackage-server (hackage.haskell.org)

hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints, allowing scripts on foreign sites to trigger requests to the hackage server...

Security Alerts Apr 23, 2026

CVE-2026-41460: Critical SQL injection in SocialEngine

SocialEngine 7.8.0 and earlier contain a SQL injection in the /activity/index/get-memberall endpoint. Unauthenticated attackers can read database contents, reset admin passwords, and take over the admin panel...

Security Alerts Apr 23, 2026

CVE-2026-40472: Stored XSS in hackage-server (Haskell)

In hackage-server (the Haskell package registry server), user-controlled metadata from .cabal files is rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks...

Security Alerts Apr 23, 2026

CVE-2026-6885: Arbitrary file upload in Borg SPM 2007 leading to RCE

Borg SPM 2007 by BorG Technology Corporation has an Arbitrary File Upload vulnerability allowing unauthenticated remote attackers to upload and execute web shell backdoors...

Security Alerts Apr 23, 2026

CVE-2026-6886: Authentication bypass in Borg SPM 2007

Borg SPM 2007 by BorG Technology Corporation has an Authentication Bypass vulnerability allowing unauthenticated remote attackers to log into the system as any user...

Security Alerts Apr 23, 2026

CVE-2026-6887: SQL Injection in Borg SPM 2007

Borg SPM 2007 by BorG Technology Corporation has a SQL Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete data...

Security Alerts Apr 23, 2026

CVE-2026-6942: OS command injection in radare2-mcp

radare2-mcp version 1.6.0 and earlier contains an OS command injection vulnerability allowing attackers to bypass the command filter via shell metacharacters in the jsonrpc interface...

Security Alerts Apr 22, 2026

CVE-2018-25270: Remote code execution in ThinkPHP 5.0.23

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter...

Security Alerts Apr 22, 2026

CVE-2018-25272: Remote code execution and privilege escalation in ELBA5 5.8.0

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions...

Security Alerts Apr 22, 2026

CVE-2026-1555: Arbitrary file upload in WebStack theme for WordPress

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function, which may enable remote code execution...

Security Alerts Apr 22, 2026

CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally....

Security Alerts Apr 22, 2026

CVE-2026-34415: Incomplete input validation in Xerte Online Toolkits leads to RCE

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint, allowing PHP code upload and execution via .php4 extension...

Security Alerts Apr 22, 2026

CVE-2026-4119: Authorization bypass in Create DB Tables plugin for WordPress

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_...

Security Alerts Apr 22, 2026

CVE-2026-6235: Authorization bypass in Sendmachine plugin for WordPress

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugi...

Security Alerts Apr 22, 2026

CVE-2026-6356: Privilege escalation to super administrator via parameter manipulation

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation...

Security Alerts Apr 21, 2026

CVE-2017-20230: Stack overflow in Perl Storable before 3.05

Storable versions before 3.05 for Perl have a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned...

Security Alerts Apr 21, 2026

CVE-2026-33518: Incorrect privilege assignment in Esri Portal for ArcGIS 11.5

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privi...

Security Alerts Apr 21, 2026

CVE-2025-15638: Vulnerable libtomcrypt in Perl Net::Dropbear before 0.14

Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions o...

Security Alerts Apr 21, 2026

CVE-2026-33519: Incorrect authorization of developer credentials in Esri Portal for ArcGIS 11.4–12.0

An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credential...

Security Alerts Apr 21, 2026

CVE-2026-34275: Unauthenticated takeover of Oracle Advanced Inbound Telephony (E-Business Suite)

Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploi...

Security Alerts Apr 21, 2026

CVE-2026-34279: Scope-change compromise in Oracle Enterprise Manager Event Management

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploi...

Security Alerts Apr 21, 2026

CVE-2026-34285: Unauthenticated data tampering in Oracle Identity Manager Connector (Fusion Middleware)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability a...

Security Alerts Apr 21, 2026

CVE-2026-34286: Unauthenticated data tampering in Oracle Identity Manager Connector (Fusion Middleware)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability a...

Security Alerts Apr 21, 2026

CVE-2026-34287: Unauthenticated data tampering in Oracle Identity Manager Connector (Fusion Middleware)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability a...

Security Alerts Apr 21, 2026

CVE-2026-38835: Command injection in Tenda W30E router

Tenda W30E V2.0 (firmware V16.01.0.21) contains a command injection vulnerability in the formSetUSBPartitionUmount function. Attackers can execute arbitrary OS commands via a crafted request...

Security Alerts Apr 21, 2026

CVE-2026-40050: Unauthenticated path traversal in CrowdStrike LogScale

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that...

Security Alerts Apr 21, 2026

CVE-2026-5652: Insecure direct object reference in Crafty Controller Users API

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissi...

Security Alerts Apr 21, 2026

CVE-2026-5965: Command injection in NewSoft NewSoftOA

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server....

Security Alerts Apr 21, 2026

CVE-2026-6768: Mitigation bypass in Firefox Networking Cookies component

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150....

Security Alerts Apr 20, 2026

CVE-2023-27351: 2023 Vulnerability Now Actively Exploited (PaperCut)

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class....

Security Alerts Apr 20, 2026

CVE-2024-27199: 2024 Vulnerability Now Actively Exploited (JetBrains)

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed....

Security Alerts Apr 20, 2026

CVE-2025-2749: Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations....

Security Alerts Apr 20, 2026

CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials....

Security Alerts Apr 20, 2026

CVE-2026-20128: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file...

Security Alerts Apr 20, 2026

CVE-2026-30269: Privilege escalation in Doorman

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is ac...

Security Alerts Apr 20, 2026

CVE-2026-32956: Buffer overflow in Silex Technology SD-330AC / AMC Manager

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device....

Security Alerts Apr 20, 2026

CVE-2026-33557: SASL OAuth JWT validation flaw in Apache Kafka

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.D...

Security Alerts Apr 20, 2026

CVE-2026-39918: Code injection via installation endpoint in Vvveb

Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping ...

Security Alerts Apr 20, 2026

CVE-2026-39109: SQL injection in PHPGurukul Apartment Visitors Management System

SQL Injection vulnerability in Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticate...

Security Alerts Apr 20, 2026

CVE-2026-5760: Remote code execution in SGLang

SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using...

Security Alerts Apr 20, 2026

CVE-2026-5963: SQL injection in Digiwin EasyFlow .NET

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents....

Security Alerts Apr 20, 2026

CVE-2026-5964: SQL injection in Digiwin EasyFlow .NET

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents....

Security Alerts Apr 20, 2026

CVE-2026-6257: Remote code execution via file rename in Vvveb CMS

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rena...

Security Alerts Apr 18, 2026

CVE-2026-25917: XCom arbitrary code execution by DAG authors in Apache Airflow

Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tru...

Security Alerts Apr 17, 2026

CVE-2026-2262: Sensitive data exposure in WordPress Easy Appointments plugin

The Easy Appointments plugin for WordPress (versions ≤ 3.12.21) exposes sensitive customer data via an unprotected REST API endpoint. Unauthenticated attackers can retrieve names, email addresses, phone numbers, and appointment details...

Security Alerts Apr 17, 2026

CVE-2026-6443: Backdoored Accordion plugin for WordPress

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoo...

Security Alerts Apr 16, 2026

CVE-2026-31843: Unauthenticated PHP file overwrite in Laravel pay-uz package

The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment ...

Security Alerts Apr 16, 2026

CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability

Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection....

Security Alerts Apr 16, 2026

CVE-2026-3596: Privilege escalation in WordPress

The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopri...

Security Alerts Apr 16, 2026

CVE-2026-37338: SQL injection in SourceCodester Simple Music Cloud Community System

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php....

Security Alerts Apr 16, 2026

CVE-2026-37345: SQL injection in SourceCodester Vehicle Parking Area Management System

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php....

Security Alerts Apr 16, 2026

CVE-2026-40504: Buffer overflow in Creolabs Gravity

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string lit...

Security Alerts Apr 16, 2026

CVE-2026-37347: SQL injection in SourceCodester Payroll Management and Information System

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php....

Security Alerts Apr 16, 2026

CVE-2026-40959: Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.

Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod....

Security Alerts Apr 16, 2026

CVE-2026-4880: Privilege escalation in WordPress

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication ...

Security Alerts Apr 16, 2026

CVE-2026-6350: Buffer overflow in Openfind MailAudit

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code....

Security Alerts Apr 16, 2026

CVE-2026-6388: Privilege escalation in Argo CD Image Updater

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace bounda...

Security Alerts Apr 15, 2026

CVE-2025-41118: Data handling vulnerability in Grafana Pyroscope

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent C...

Security Alerts Apr 15, 2026

CVE-2026-20147: Authenticated command execution in Cisco ISE

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vul...

Security Alerts Apr 15, 2026

CVE-2026-20180: Authenticated command execution in Cisco Identity Services Engine

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit...

Security Alerts Apr 15, 2026

CVE-2026-20184: SSO impersonation in Cisco Webex Services Control Hub

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. ...

Security Alerts Apr 15, 2026

CVE-2026-20186: Authenticated command execution in Cisco Identity Services Engine

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit...

Security Alerts Apr 15, 2026

CVE-2026-6296: Buffer overflow in Google Chrome

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)...

Security Alerts Apr 15, 2026

CVE-2026-27304: Improper input validation leading to RCE in Adobe ColdFusion

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio...

Security Alerts Apr 15, 2026

Critical Vulnerabilities in Fortinet Products – FortiSandbox, FortiDDoS-F, and FortiAnalyzer Cloud (April 2026)

Fortinet has published PSIRT advisories for four vulnerabilities across its products. Two critical flaws in FortiSandbox allow unauthenticated attackers to achieve remote code execution and authentication bypass with privilege escalation...

Security Alerts Apr 14, 2026

CVE-2009-0238: 2009 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that in...

Security Alerts Apr 14, 2026

CVE-2025-63939: SQL injection in anirudhkannan Grocery Store Management System

Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter....

Security Alerts Apr 14, 2026

CVE-2025-65135: SQL injection in manikandan580 School-management-system

In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter....

Security Alerts Apr 14, 2026

CVE-2026-22562: Remote code execution in Ubiquiti UniFi Play

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exec...

Security Alerts Apr 14, 2026

CVE-2026-22563: Command injection in Ubiquiti UniFi Play

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0....

Security Alerts Apr 14, 2026

CVE-2026-22564: Access control bypass in Ubiquiti UniFi Play

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play ...

Security Alerts Apr 14, 2026

CVE-2026-27243: Cross-site scripting in Adobe Connect

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab...

Security Alerts Apr 14, 2026

CVE-2026-26149: Security feature bypass in Microsoft Power Apps

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network....

Security Alerts Apr 14, 2026

CVE-2026-27245: Cross-site scripting in Adobe Connect

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab...

Security Alerts Apr 14, 2026

CVE-2026-27246: Cross-site scripting in Adobe Connect

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execu...

Security Alerts Apr 14, 2026

CVE-2026-27303: Deserialization in Adobe Connect

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exp...

Security Alerts Apr 14, 2026

CVE-2026-27681: Critical SQL Injection Vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse

Critical SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse allows data manipulation, service disruption, and potential system compromise. Affects versions HANABPC 810, BPC4HANA 300, SAP_BW 750-758, 816.

Security Alerts Apr 14, 2026

CVE-2026-32201: Microsoft SharePoint Server Improper Input Validation Vulnerability

Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network....

Security Alerts Apr 14, 2026

CVE-2026-33824: Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network....

Security Alerts Apr 14, 2026

CVE-2026-34256: Missing Authorization Check in SAP ERP and SAP S/4HANA

Missing Authorization Check vulnerability in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise) allows data manipulation and service disruption. Affects SAP_FIN 618-730, EA-FIN 617-700, S4CORE 102-109.

Security Alerts Apr 14, 2026

CVE-2026-34615: Deserialization in Adobe Connect

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exp...

Security Alerts Apr 14, 2026

CVE-2026-39808: OS command injection in Fortinet FortiSandbox

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code ...

Security Alerts Apr 14, 2026

CVE-2026-38526: Arbitrary file upload in Krayin Krayin CRM

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file....

Security Alerts Apr 14, 2026

CVE-2026-39813: Path traversal in Fortinet FortiSandbox

A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here...

Security Alerts Apr 14, 2026

CVE-2026-4365: Unauthorized data deletion in LearnPress plugin for WordPress

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2...

Security Alerts Apr 14, 2026

CVE-2026-5752: Sandbox escape via prototype chain in Terrarium

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal....

Security Alerts Apr 14, 2026

CVE-2026-6264: Unauthenticated RCE via JMX port in Talend JobServer

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend...

Security Alerts Apr 13, 2026

CVE-2012-1854: 2012 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution....

Security Alerts Apr 13, 2026

CVE-2020-9715: 2020 Vulnerability Now Actively Exploited (Adobe)

Adobe Acrobat contains a use-after-free vulnerability that allows for code execution...

Security Alerts Apr 13, 2026

CVE-2023-21529: 2023 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Exchange Server contains a deserialization of untrusted data vulnerability that allows an authenticated attacker to achieve remote code execution....

Security Alerts Apr 13, 2026

CVE-2023-36424: 2023 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges...

Security Alerts Apr 13, 2026

CVE-2025-60710: Microsoft Windows Link Following Vulnerability

Microsoft Windows contains a link following vulnerability that allows for privilege escalation...

Security Alerts Apr 13, 2026

CVE-2026-21643: Fortinet SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests....

Security Alerts Apr 13, 2026

CVE-2026-31282: Access control bypass in Totara Totara LMS

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the logi...

Security Alerts Apr 13, 2026

CVE-2026-31283: Missing rate limiting in Totara LMS forgot-password API

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack....

Security Alerts Apr 13, 2026

CVE-2026-40042: XXE in Pachno wiki/issue parser

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers ...

Security Alerts Apr 13, 2026

CVE-2026-40044: Deserialization RCE via cache files in Pachno

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PH...

Security Alerts Apr 13, 2026

CVE-2026-5085: Insecure session ID generation in Perl Solstice::Session

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the...

Security Alerts Apr 13, 2026

CVE-2026-6131: OS command injection via setTracerouteCfg() in Totolink A7100RU CGI

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The m...

Security Alerts Apr 13, 2026

CVE-2026-6132: OS command injection via setLedCfg() in Totolink A7100RU CGI

A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulati...

Security Alerts Apr 13, 2026

CVE-2026-6138: OS command injection via setAccessDeviceCfg() in Totolink A7100RU CGI

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation...

Security Alerts Apr 13, 2026

CVE-2026-6139: OS command injection via UploadOpenVpnCert() in Totolink A7100RU CGI

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of...

Security Alerts Apr 13, 2026

CVE-2026-6140: OS command injection via UploadFirmwareFile() in Totolink A7100RU CGI

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulatio...

Security Alerts Apr 13, 2026

CVE-2026-6154: OS command injection via setWizardCfg() in Totolink A7100RU CGI

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performin...

Security Alerts Apr 13, 2026

CVE-2026-6155: OS command injection via setWanCfg() in Totolink A7100RU CGI

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of...

Security Alerts Apr 13, 2026

CVE-2026-6156: OS command injection via setIpQosRules() in Totolink A7100RU CGI

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula...

Security Alerts Apr 13, 2026

CVE-2026-6195: OS command injection via setPasswordCfg() in Totolink A7100RU CGI

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler...

Security Alerts Apr 12, 2026

CVE-2019-25709: Database leak via upload/data directory in CF Image Hosting Script

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete...

Security Alerts Apr 11, 2026

CVE-2026-34621: Prototype pollution leading to RCE in Adobe Acrobat Reader

Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could res...

Security Alerts Apr 11, 2026

CVE-2026-4149: Remote code execution in Sonos Era 300 Firmware

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Au...

Security Alerts Apr 11, 2026

CVE-2026-5058: Command injection in aws-mcp-server aws-mcp-server

aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication i...

Security Alerts Apr 11, 2026

CVE-2026-5059: Command injection in aws-mcp-server aws-mcp-server

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authenti...

Security Alerts Apr 11, 2026

CVE-2026-31845: Cross-site scripting in Rukovoditel CRM

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects...

Security Alerts Apr 10, 2026

CVE-2026-1115: Cross-site scripting in Lollms

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` fu...

Security Alerts Apr 10, 2026

CVE-2026-23781: Hardcoded debug credentials in BMC Control-M/MFT

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentia...

Security Alerts Apr 10, 2026

CVE-2026-34424: Backdoored Smart Slider 3 Pro plugin for WordPress

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute ...

Security Alerts Apr 10, 2026

CVE-2026-33784: Default password in Juniper Networks Support Insights

A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control o...

Security Alerts Apr 10, 2026

CVE-2026-5993: OS command injection via setWiFiGuestCfg() in Totolink A7100RU CGI

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such man...

Security Alerts Apr 10, 2026

CVE-2026-36235: SQL injection in Itsourcecode Online Student Enrollment System

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly em...

Security Alerts Apr 10, 2026

CVE-2026-5994: OS command injection via setTelnetCfg() in Totolink A7100RU CGI

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a m...

Security Alerts Apr 10, 2026

CVE-2026-5995: OS command injection via setMiniuiHomeInfoShow() in Totolink A7100RU CGI

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manip...

Security Alerts Apr 10, 2026

CVE-2026-5996: OS command injection via setAdvancedInfoShow() in Totolink A7100RU CGI

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Hand...

Security Alerts Apr 10, 2026

CVE-2026-5997: OS command injection via setLoginPasswordCfg() in Totolink A7100RU CGI

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manip...

Security Alerts Apr 10, 2026

CVE-2026-6025: OS command injection via setSyslogCfg() in Totolink A7100RU CGI

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ...

Security Alerts Apr 10, 2026

CVE-2026-6026: OS command injection via setPortalConfWeChat() in Totolink A7100RU CGI

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler....

Security Alerts Apr 10, 2026

CVE-2026-6027: OS command injection via setUrlFilterRules() in Totolink A7100RU CGI

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a ma...

Security Alerts Apr 10, 2026

CVE-2026-6028: OS command injection via setPptpServerCfg() in Totolink A7100RU CGI

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu...

Security Alerts Apr 10, 2026

CVE-2026-6029: OS command injection via setVpnAccountCfg() in Totolink A7100RU CGI

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula...

Security Alerts Apr 10, 2026

CVE-2026-6057: Arbitrary file upload in FalkorDB Browser

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution....

Security Alerts Apr 9, 2026

CVE-2025-13926: Traffic forgery via network sniffing in Contemporary Controls BASC 20T

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T....

Security Alerts Apr 9, 2026

CVE-2025-57735: JWT token reuse after logout in Apache Airflow

When a user logged out, the JWT token the user had authenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanis...

Security Alerts Apr 9, 2026

CVE-2026-0233 and CVE-2026-0234: Critical Vulnerabilities in Palo Alto Networks Cortex XSOAR, XSIAM and ADEM - Immediate Update Required

Two high severity vulnerabilities have been identified in Palo Alto Networks Cortex XSOAR, Cortex XSIAM, and ADEM. CVE-2026-0233 and CVE-2026-0234 could allow an unauthenticated attacker to bypass security mechanisms and execute arbitrary code on affected systems.

Security Alerts Apr 9, 2026

CVE-2026-1830: Unauthenticated RCE via REST API in Quick Playground plugin for WordPress

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints tha...

Security Alerts Apr 9, 2026

CVE-2026-39912: Authentication token leak via loginWithMailLink in V2Board/Xboard

V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unau...

Security Alerts Apr 9, 2026

CVE-2026-40035: Flask debug mode enabled by default in Unfurl

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed dire...

Security Alerts Apr 9, 2026

CVE-2026-4112: Critical Privilege Escalation Vulnerability in SonicWall SMA 1000 - Immediate Update Required

A privilege escalation vulnerability has been identified in SonicWall Secure Mobile Access (SMA) 1000 series devices. CVE-2026-4112 could allow a remote attacker to gain elevated privileges, potentially leading to system compromise and unauthorized access to network resources.

Security Alerts Apr 9, 2026

CVE-2026-5850: OS command injection via setVpnPassCfg() in Totolink A7100RU CGI

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the ...

Security Alerts Apr 9, 2026

CVE-2026-5851: OS command injection via setUPnPCfg() in Totolink A7100RU CGI

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of th...

Security Alerts Apr 9, 2026

CVE-2026-5852: OS command injection via setIptvCfg() in Totolink A7100RU CGI

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the arg...

Security Alerts Apr 9, 2026

CVE-2026-5853: OS command injection via setIpv6LanCfg() in Totolink A7100RU CGI

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI ...

Security Alerts Apr 9, 2026

CVE-2026-5854: OS command injection via setWiFiEasyCfg() in Totolink A7100RU CGI

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a...

Security Alerts Apr 9, 2026

CVE-2026-5975: OS command injection via setDmzCfg() in Totolink A7100RU CGI

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation...

Security Alerts Apr 9, 2026

CVE-2026-5976: OS command injection via setStorageCfg() in Totolink A7100RU CGI

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipu...

Security Alerts Apr 9, 2026

CVE-2026-5978: OS command injection via setWiFiAclRules() in Totolink A7100RU CGI

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul...

Security Alerts Apr 9, 2026

CVE-2026-5977: OS command injection via setWiFiBasicCfg() in Totolink A7100RU CGI

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulati...

Security Alerts Apr 8, 2026

CVE-2023-46945: QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request...

Security Alerts Apr 8, 2026

CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution....

Security Alerts Apr 8, 2026

CVE-2026-25776: Perl code injection in Movable Type

Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute arbitrary Perl script....

Security Alerts Apr 8, 2026

CVE-2026-1346: Local privilege escalation to root in IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acces...

Security Alerts Apr 8, 2026

CVE-2026-2942: Arbitrary file upload in ProSolution WP Client plugin for WordPress

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and includi...

Security Alerts Apr 8, 2026

CVE-2026-31017: SSRF in Frappe ERPNext

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before...

Security Alerts Apr 8, 2026

CVE-2026-3296: PHP Object Injection in Everest Forms plugin for WordPress

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to...

Security Alerts Apr 8, 2026

CVE-2026-3535: Arbitrary file upload in WordPress

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the `DSGVOGWPdownloadGoogleFonts()` function in all versions up to, a...

Security Alerts Apr 8, 2026

CVE-2026-4003: Privilege escalation via user meta update in Users Manager PN plugin for WordPress

The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic...

Security Alerts Apr 7, 2026

CVE-2021-4473: Command injection in Tianxin Internet Behavior Management System

Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplyi...

Security Alerts Apr 7, 2026

CVE-2026-0740: Arbitrary file upload in Ninja Forms File Uploads plugin for WordPress

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all v...

Security Alerts Apr 7, 2026

CVE-2026-1114: Access control bypass in Parisneo lollms

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerabilit...

Security Alerts Apr 7, 2026

CVE-2026-20889: Buffer overflow in LibRaw

A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can...

Security Alerts Apr 7, 2026

CVE-2026-20911: Buffer overflow in LibRaw

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer over...

Security Alerts Apr 7, 2026

CVE-2026-22679: Unauthenticated RCE via Dubbo debug endpoint in Weaver E-cology

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows atta...

Security Alerts Apr 7, 2026

CVE-2026-21413: Buffer overflow in LibRaw

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer ...

Security Alerts Apr 7, 2026

CVE-2026-23696: SQL injection in Windmill

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through th...

Security Alerts Apr 7, 2026

CVE-2026-4631: SSH command injection via login endpoint in Cockpit

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit ...

Security Alerts Apr 7, 2026

CVE-2026-39355: Access control bypass in Kreaweb Genealogy

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary...

Security Alerts Apr 7, 2026

CVE-2026-5627: Information disclosure in Mintplex Labs anything-llm

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input...

Security Alerts Apr 7, 2026

CVE-2026-5731: Memory corruption in Mozilla Firefox

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and w...

Security Alerts Apr 7, 2026

CVE-2026-5734: Memory corruption in Mozilla Firefox

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with en...

Security Alerts Apr 7, 2026

CVE-2026-5735: Memory corruption in Mozilla Firefox

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl...

Security Alerts Apr 4, 2026

CVE-2016-20052: Arbitrary file upload in Snews CMS

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can u...

Security Alerts Apr 4, 2026

CVE-2017-20235: Authentication bypass in ProSoft Technology ICX35-HWC web UI

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to ad...

Security Alerts Apr 4, 2026

CVE-2017-20234: Authentication bypass via hardcoded credentials in GarrettCom Magnum switches

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the a...

Security Alerts Apr 4, 2026

CVE-2017-20236: Command injection in ProSoft Technology ICX35-HWC web UI

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system comm...

Security Alerts Apr 4, 2026

CVE-2018-25236: Authentication bypass in Hirschmann HiOS/HiSecOS management

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthentica...

Security Alerts Apr 4, 2026

CVE-2018-25237: Buffer overflow in Hirschmann HiSecOS

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash th...

Security Alerts Apr 4, 2026

CVE-2018-25254: Buffer overflow in NICO-FTP NICO-FTP

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to...

Security Alerts Apr 4, 2026

CVE-2021-4477: IPv6 IPsec firewall bypass in Hirschmann HiLCOS OpenBAT

Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers ...

Security Alerts Apr 4, 2026

CVE-2026-35616: Access control bypass in Fortinet Forticlientems

An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests....

Security Alerts Apr 3, 2026

CVE-2017-20237: Authentication bypass in Hirschmann Industrial HiVision

Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbit...

Security Alerts Apr 3, 2026

CVE-2026-0545: Unauthenticated RCE via job endpoints in MLflow

In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the lates...

Security Alerts Apr 3, 2026

CVE-2026-25197: IDOR in Gardyn user profile API

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call....

Security Alerts Apr 3, 2026

CVE-2026-26135: SSRF in Microsoft Azure Custom Locations Resource Provider

Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network....

Security Alerts Apr 3, 2026

CVE-2026-28373: Path traversal in Stackfield Desktop App

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can...

Security Alerts Apr 3, 2026

CVE-2026-28766: Unauthenticated user account disclosure in Gardyn

A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication....

Security Alerts Apr 3, 2026

CVE-2026-32211: Missing authentication in Azure MCP Server

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network....

Security Alerts Apr 3, 2026

CVE-2026-32213: Improper authorization in Azure AI Foundry

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network....

Security Alerts Apr 3, 2026

CVE-2026-33105: Improper authorization in Microsoft Azure Kubernetes Service

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network....

Security Alerts Apr 3, 2026

CVE-2026-33107: SSRF in Azure Databricks

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network....

Security Alerts Apr 2, 2026

CVE-2026-2699: Unauthenticated configuration access in Citrix ShareFile Storage Zones Controller

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote ...

Security Alerts Apr 2, 2026

CVE-2026-25212: Shell command execution via Add Data Source in Percona PMM

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to...

Security Alerts Apr 2, 2026

CVE-2026-2701: Authenticated file upload RCE in Citrix ShareFile Storage Zones Controller

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution....

Security Alerts Apr 2, 2026

CVE-2026-33615: SQL injection in MB connect line mbCONNECT24

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This c...

Security Alerts Apr 2, 2026

CVE-2026-34877: Memory corruption in Mbed TLS

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the seri...

Security Alerts Apr 2, 2026

CVE-2026-3502: TrueConf Client Download of Code Without Integrity Check Vulnerability

TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payloa...

Security Alerts Apr 1, 2026

CVE-2024-40489: Command injection in Jeecg Boot

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP ...

Security Alerts Apr 1, 2026

CVE-2024-43028: Command injection in Jeecg Boot /jmreport endpoint

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request....

Security Alerts Apr 1, 2026

CVE-2025-15484: Authentication bypass in Order Notification for WooCommerce plugin

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write acces...

Security Alerts Apr 1, 2026

CVE-2025-71279: Passkey authentication compromise in XenForo

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication....

Security Alerts Apr 1, 2026

CVE-2026-20093: Authentication bypass in Cisco Integrated Management Controller

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the sys...

Security Alerts Apr 1, 2026

CVE-2026-20160: Unauthenticated command execution in Cisco Smart Software Manager On-Prem

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SS...

Security Alerts Apr 1, 2026

CVE-2026-29014: Unauthenticated PHP code injection in MetInfo CMS

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP...

Security Alerts Apr 1, 2026

CVE-2026-30643: Code execution via module upload in DedeCMS

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload....

Security Alerts Apr 1, 2026

CVE-2026-31027: Buffer overflow in Totolink A3600r Firmware

TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not ...

Security Alerts Apr 1, 2026

CVE-2026-34872: Contributory-behavior flaw in FFDH in Arm Mbed TLS

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-He...

Security Alerts Apr 1, 2026

CVE-2026-5281: Google Dawn Use-After-Free Vulnerability

Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability c...

Security Alerts Apr 1, 2026

CVE-2026-34875: Buffer overflow in Mbed TLS

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys....

Security Alerts Apr 1, 2026

CVE-2026-5288: Use-after-free in Google Chrome

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...

Security Alerts Apr 1, 2026

CVE-2026-5289: Use-after-free in Google Chrome

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

Security Alerts Apr 1, 2026

CVE-2026-5290: Use-after-free in Google Chrome

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag...

Security Alerts Mar 31, 2026

CVE-2025-15618: Insecure secret key in Perl Business::OnlinePayment::StoredTransaction

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a singl...

Security Alerts Mar 31, 2026

CVE-2026-0596: Privilege escalation in MLflow

A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without pro...

Security Alerts Mar 31, 2026

CVE-2026-1579: Unauthenticated command execution via unsigned MAVLink in PX4 Autopilot

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides ...

Security Alerts Mar 31, 2026

CVE-2026-30282: Arbitrary file overwrite in UXGROUP Cast to TV Screen Mirroring

An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code...

Security Alerts Mar 31, 2026

CVE-2026-32916: Authorization bypass via plugin subagent routes in OpenClaw

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administra...

Security Alerts Mar 31, 2026

CVE-2026-33579: Privilege escalation in Openclaw

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privil...

Security Alerts Mar 17, 2026

CVE-2026-32917: Command injection via iMessage attachment SCP in OpenClaw

OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The ...

Security Alerts Mar 16, 2026

CVE-2026-32920: Arbitrary code execution via plugin auto-load in OpenClaw

OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious c...

Security Alerts Mar 15, 2026

CVE-2026-3300: PHP code injection RCE in Everest Forms Pro plugin for WordPress

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_fi...

Security Alerts Mar 14, 2026

CVE-2026-4257: Remote code execution in WordPress

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in all versions up to, and including, 1.7.36. This is d...

Security Alerts Mar 13, 2026

CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerability

Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds read vulnerability when configured as a SAML IDP lead...

Security Alerts Mar 12, 2026

CVE-2026-30562: Cross-site scripting in Ahsanriaz26gmailcom Sales And Inventory System

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The applic...

Security Alerts Mar 11, 2026

CVE-2026-34714: Code execution via crafted file in Vim

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE....

Security Alerts Mar 10, 2026

CVE-2026-5128: Steam credentials exposure in ArthurFiorette steam-trader

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam...

Security Alerts Mar 9, 2026

CVE-2026-32922: Privilege escalation in Openclaw

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrai...

Security Alerts Mar 8, 2026

CVE-2026-32973: Exec allowlist bypass via glob matching in OpenClaw

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX ...

Security Alerts Mar 7, 2026

CVE-2026-32987: Privilege escalation in Openclaw

OpenClaw before 2026.3.13 allows bootstrap setup codes to be replayed during device pairing verification in src/infra/device-bootstrap.ts. Attackers can verify a valid bootstrap code multiple times be...

Security Alerts Mar 6, 2026

CVE-2026-22738: SpEL injection in Spring AI SimpleVectorStore

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. ...

Security Alerts Mar 5, 2026

CVE-2026-27876: Remote code execution in Grafana

A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact (RCE). This is enabled by a feature in Grafana (OSS), so all users are always ...

Security Alerts Mar 4, 2026

CVE-2026-30302: Command injection in Coderider Kilo Coderider

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect us...

Security Alerts Mar 3, 2026

CVE-2026-30303: Command injection in Matterai Axon Code

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of ...

Security Alerts Mar 2, 2026

CVE-2026-30304: Automatic command execution bypass in AI Code

In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by th...

Security Alerts Mar 1, 2026

CVE-2026-30530: SQL injection in Oretnom23 Online Food Ordering System

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user...

Security Alerts Feb 28, 2026

CVE-2026-30532: SQL injection in Oretnom23 Online Food Ordering System

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter....

Security Alerts Feb 27, 2026

CVE-2026-30533: SQL injection in Oretnom23 Online Food Ordering System

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter....

Security Alerts Feb 26, 2026

CVE-2026-33634: Aquasecurity Trivy Embedded Malicious Code Vulnerability

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentia...

Security Alerts Feb 25, 2026

CVE-2026-4484: Privilege escalation in Masteriyo LMS plugin for WordPress

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the ...

Security Alerts Feb 24, 2026

CVE-2026-4809: Arbitrary file upload in Laravel

plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling....

Security Alerts Feb 23, 2026

CVE-2026-20688: Sandbox escape via path handling in Apple iOS/iPadOS

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4. An app may be...

Security Alerts Feb 22, 2026

CVE-2026-25366: Critical Vulnerability in HP Woody ad snippets - Immediate Update Required

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection. This issue affects Woody ad snippets: from n/a through <= 2.7.1....

Security Alerts Feb 21, 2026

CVE-2026-25447: Critical Vulnerability in Widget Wrangler - Immediate Update Required

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection. This issue affects Widget Wrangler: from n/a throug...

Security Alerts Feb 20, 2026

CVE-2026-26830: Critical Vulnerability in npm pdf-image - Immediate Update Required

pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to i...

Security Alerts Feb 19, 2026

CVE-2026-26832: Critical Vulnerability in npm node-tesseract-ocr - Immediate Update Required

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. T...

Security Alerts Feb 18, 2026

CVE-2026-27044: Critical Vulnerability in Total Poll Lite - Immediate Update Required

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion. This issue affects Total Poll Lite: from n/a through <...

Security Alerts Feb 17, 2026

CVE-2026-27049: Authentication bypass in NooTheme Jobica Core

Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse. This issue affects Jobica Core: from n/a through <= 1.4.2....

Security Alerts Feb 16, 2026

CVE-2026-27084: Deserialization in ThemeREX Buisson buisson

Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection. This issue affects Buisson: from n/a through <= 1.1.11....

Security Alerts Feb 15, 2026

CVE-2026-28827: Sandbox escape via directory path parsing in Apple macOS

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able t...

Security Alerts Feb 14, 2026

CVE-2026-28858: Critical Vulnerability in Apple iOS - Immediate Update Required

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memor...

Security Alerts Feb 13, 2026

CVE-2026-31920: SQL injection in Devteam HaywoodTech Product Rearrange for WooCommerce

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind ...

Security Alerts Feb 12, 2026

CVE-2026-32499: SQL injection in QuantumCloud ChatBot

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection. This issue affects ChatBot: from n/a throu...

Security Alerts Feb 11, 2026

CVE-2026-32519: Privilege escalation in Bit Apps Bit SMTP

Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation. This issue affects Bit SMTP: from n/a through <= 1.2.2....

Security Alerts Feb 10, 2026

CVE-2026-32523: Arbitrary file upload in WPJAM Basic plugin for WordPress

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2....

Security Alerts Feb 9, 2026

CVE-2026-32525: Critical Vulnerability in JetFormBuilder - Immediate Update Required

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection. This issue affects JetFormBuilder: from n/a through <= 3.5.6....

Security Alerts Feb 8, 2026

CVE-2026-32536: Critical Vulnerability in Green Downloads - Immediate Update Required

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files. This issue affects Green Downloads: from n/a thro...

Security Alerts Feb 7, 2026

CVE-2026-32539: Critical Vulnerability in PublishPress PublishPress Revisions revisionary - Immediate Update Required

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection. This issue affects Publ...

Security Alerts Feb 6, 2026

CVE-2026-32573: Critical Vulnerability in Nelio AB Testing - Immediate Update Required

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through ...

Security Alerts Feb 5, 2026

CVE-2026-33017: Langflow Code Injection Vulnerability

Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication....

Security Alerts Feb 4, 2026

CVE-2026-4001: Critical Vulnerability in WordPress Woocommerce Custom Product Addons Pro - Immediate Update Required

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_c...

Security Alerts Feb 3, 2026

CVE-2026-4283: Critical Vulnerability in WordPress WP DSGVO Tools (GDPR) - Immediate Update Required

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accept...

Security Alerts Feb 2, 2026

CVE-2026-4688: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Feb 1, 2026

CVE-2026-4691: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9....

Security Alerts Jan 31, 2026

CVE-2026-4696: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9....

Security Alerts Jan 30, 2026

CVE-2026-4698: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9....

Security Alerts Jan 29, 2026

CVE-2026-4700: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 28, 2026

CVE-2026-4701: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 27, 2026

CVE-2026-4702: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 26, 2026

CVE-2026-4705: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 25, 2026

CVE-2026-4711: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 24, 2026

CVE-2026-4715: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 23, 2026

CVE-2026-4716: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 22, 2026

CVE-2026-4717: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9....

Security Alerts Jan 21, 2026

CVE-2026-4720: Memory corruption in Mozilla Firefox

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort ...

Security Alerts Jan 20, 2026

CVE-2026-4723: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149....

Security Alerts Jan 19, 2026

CVE-2026-4725: Critical Vulnerability in Mozilla Firefox - Immediate Update Required

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149....

Security Alerts Jan 18, 2026

CVE-2026-4750: Critical Vulnerability in woof - Immediate Update Required

Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0....

Security Alerts Jan 17, 2026

CVE-2026-4753: Critical Vulnerability in RetroDebugger - Immediate Update Required

Out-of-bounds Read vulnerability in slajerek RetroDebugger. This issue affects RetroDebugger: before v0.64.72....

Security Alerts Jan 16, 2026

CVE-2026-4755: Critical Vulnerability in Android-ImageMagick7 - Immediate Update Required

CWE-20 vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11....

Security Alerts Jan 15, 2026

CVE-2026-3587: Critical Vulnerability in Embedded Device CLI - Immediate Update Required

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux-based OS, leading to full compromise ...

Security Alerts Jan 14, 2026

CVE-2026-4567: Critical Vulnerability in Tenda A15 - Immediate Update Required

A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffe...

Security Alerts Jan 13, 2026

CVE-2026-4599: Critical Vulnerability in npm jsrsasign - Immediate Update Required

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functio...

Security Alerts Jan 12, 2026

CVE-2026-21992: Critical Vulnerability in Oracle Oracle Identity Manager - Immediate Update Required

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Servi...

Security Alerts Jan 11, 2026

CVE-2026-22732: Critical Vulnerability in VMware Spring Security - Immediate Update Required

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security:...

Security Alerts Jan 10, 2026

CVE-2026-32194: Critical Vulnerability in Microsoft Bing Images - Immediate Update Required

Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network....

Security Alerts Jan 9, 2026

CVE-2026-32985: Critical Vulnerability in HP Xerte Online Toolkits - Immediate Update Required

Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the template import functionality. The issue exists in /website_code/php/import/import...

Security Alerts Jan 8, 2026

CVE-2026-33134: SQL injection in Wegia

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability a...

Security Alerts Jan 7, 2026

CVE-2026-4038: Critical Vulnerability in WordPress Aimogen Pro - Immediate Update Required

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' functi...

Security Alerts Jan 6, 2026

CVE-2026-20131: Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management ...

Security Alerts Jan 5, 2026

CVE-2026-22557: Critical Path Traversal in Ubiquiti UniFi Network (CVSS 10.0)

Critical Path Traversal vulnerability in Ubiquiti UniFi Network Application (CVSS 10.0) allows unauthenticated attackers to access OS files and achieve account takeover. Affects Dream Machine and all UniFi Network Application installations <= 10.1.85.

Security Alerts Jan 4, 2026

CVE-2026-22558: Ubiquiti UniFi Network NoSQL Injection Vulnerability (CVSS 7.7)

NoSQL Injection vulnerability in Ubiquiti UniFi Network Application (CVSS 7.7) enables authenticated attackers to escalate privileges. When chained with CVE-2026-22557 (CVSS 10.0), it creates an attack chain leading to full system compromise.

Security Alerts Jan 3, 2026

CVE-2026-23554: Critical Citrix XenServer Vulnerability - Host Memory Leak from Guest VM

CVE-2026-23554 in Citrix XenServer 8.4 and earlier allows a privileged user within a guest VM to access portions of host memory, potentially leading to privilege escalation, information disclosure, or system availability compromise.

Security Alerts Jan 2, 2026

CVE-2026-27065: Critical Vulnerability in ThimPress BuilderPress - Immediate Update Required

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion. This issue affects Build...

Security Alerts Jan 1, 2026

CVE-2026-27067: Arbitrary file upload in Mobile App Editor plugin for WordPress

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through 1.3.1....

Security Alerts Dec 31, 2025

CVE-2026-27413: Critical Vulnerability in Profile Builder Pro - Immediate Update Required

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro: ...

Security Alerts Dec 30, 2025

CVE-2026-27540: Critical Vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture - Immediate Update Required

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Ca...

Security Alerts Dec 29, 2025

CVE-2026-27542: Critical Vulnerability in Woocommerce Wholesale Lead Capture - Immediate Update Required

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation. This issue affects Woocommerce Wholesale Lead Capture: from n/a th...

Security Alerts Dec 28, 2025

CVE-2026-30402: Critical Vulnerability in wgcloud - Immediate Update Required

An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function...

Security Alerts Dec 27, 2025

CVE-2026-32865: Critical Vulnerability in OPEXUS eComplaint and eCASE before - Immediate Update Required

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an e...

Security Alerts Dec 25, 2025

CVE-2026-20963: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network....

Security Alerts Dec 24, 2025

CVE-2026-32698: SQL injection in Openproject

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When tha...

Security Alerts Dec 19, 2025

CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability

Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome an...

Security Alerts Dec 18, 2025

CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a...

Security Alerts Dec 17, 2025

CVE-2026-1603: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential d...

Security Alerts Dec 16, 2025

CVE-2026-21385: Qualcomm Multiple Chipsets Memory Corruption Vulnerability

Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation. ...

Security Alerts Dec 12, 2025

CVE-2026-28363: tools.exec.safeBins validation bypass in OpenClaw

In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free executio...
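The bypass class named above is worth seeing in code. The block below is an added example written for this page, not OpenClaw's validator: GNU getopt_long() accepts any unambiguous prefix of a long option, so `sort --compress-prog=sh` means `sort --compress-program=sh`, and a check that compares the literal option text against a fixed spelling never sees the dangerous name. The option tables are an assumed subset of GNU sort's flags, and the naive/hardened functions are illustrative, not the project's code.

```python
"""
Added example, not OpenClaw's code: an allowlisted binary's flags must be
checked on their resolved names, not their literal spelling.

GNU getopt_long() accepts any unambiguous prefix of a long option, so
`sort --compress-prog=sh` is `sort --compress-program=sh`, which runs a
command. The option tables below are an assumed subset of GNU sort's
flags, not the project's configuration.
"""
from typing import Dict, List, Optional

# Long option -> takes a value?  (assumed subset of GNU sort)
SORT_LONG_OPTS: Dict[str, bool] = {
    "ignore-case": False,
    "ignore-leading-blanks": False,
    "numeric-sort": False,
    "reverse": False,
    "unique": False,
    "key": True,
    "field-separator": True,
    "output": True,               # writes to an arbitrary path
    "compress-program": True,     # executes an arbitrary program
    "temporary-directory": True,
}
# Short option -> takes a value?  (assumed subset)
SORT_SHORT_OPTS: Dict[str, bool] = {
    "f": False, "b": False, "n": False, "r": False, "u": False,
    "k": True, "t": True, "o": True, "T": True,
}
SAFE_LONG = {"ignore-case", "ignore-leading-blanks", "numeric-sort",
             "reverse", "unique", "key", "field-separator"}
SAFE_SHORT = {"f", "b", "n", "r", "u", "k", "t"}
DENIED_LONG = {"compress-program", "output", "temporary-directory"}


def resolve_long_option(name: str, table: Dict[str, bool]) -> Optional[str]:
    """Mimic getopt_long: exact match first, else a unique prefix, else None."""
    if name in table:
        return name
    matches = [opt for opt in table if opt.startswith(name)]
    return matches[0] if len(matches) == 1 else None


def naive_is_safe(argv: List[str]) -> bool:
    """Vulnerable pattern: deny a fixed spelling of the dangerous flags."""
    for arg in argv[1:]:
        if arg.startswith("--"):
            name = arg[2:].split("=", 1)[0]
            if name in DENIED_LONG:
                return False
    return True


def hardened_is_safe(argv: List[str]) -> bool:
    """Resolve every option the way the binary will, then require the
    canonical name to be on the allowlist. Unknown, ambiguous and
    abbreviated-dangerous options are all rejected; operands after `--`
    are never interpreted as options."""
    args = argv[1:]
    i = 0
    while i < len(args):
        arg = args[i]
        i += 1
        if arg == "--":
            break
        if arg.startswith("--"):
            name, sep, _ = arg[2:].partition("=")
            canonical = resolve_long_option(name, SORT_LONG_OPTS)
            if canonical is None or canonical not in SAFE_LONG:
                return False
            if SORT_LONG_OPTS[canonical] and not sep:
                i += 1            # detached value: --key 2
        elif arg.startswith("-") and len(arg) > 1:
            cluster = arg[1:]
            for pos, letter in enumerate(cluster):
                if letter not in SAFE_SHORT:
                    return False  # covers unknown and denied letters alike
                if SORT_SHORT_OPTS[letter]:
                    if pos == len(cluster) - 1:
                        i += 1    # detached value: -k 2
                    break         # attached value: -k2 consumes the rest
    return True
```

The hardened check also accepts harmless abbreviations such as `--rev`, because the binary will, and it treats everything after `--` as an operand. The general lesson is that a policy over command lines has to parse them with the same rules the target program uses; a string match on the dangerous spelling is a denylist, and denylists lose to every alias the parser knows about.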

Security Alerts Dec 10, 2025

CVE-2026-20127: Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an unauthenticated, rem...

Security Alerts Dec 9, 2025

CVE-2026-25108: Soliton Systems K.K FileZen OS Command Injection Vulnerability

Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP request....

Security Alerts Dec 8, 2025

CVE-2026-27593: Password reset token interception in Statamic CMS

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's ...

Security Alerts Dec 5, 2025

CVE-2026-26980: Unauthenticated database read in Ghost CMS

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1....

Security Alerts Dec 4, 2025

CVE-2026-22769: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability

Dell RecoverPoint for Virtual Machines (RP4VMs) contains a use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlyin...

Security Alerts Dec 3, 2025

CVE-2026-2441: Google Chromium CSS Use-After-Free Vulnerability

Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple ...

Security Alerts Nov 28, 2025

CVE-2026-1731: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute opera...

Security Alerts Nov 26, 2025

CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability

Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capabi...

Security Alerts Nov 24, 2025

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. ...

Security Alerts Nov 23, 2025

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability

Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network....

Security Alerts Nov 22, 2025

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability

Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally....

Security Alerts Nov 21, 2025

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability

Microsoft Windows Desktop Window Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally....

Security Alerts Nov 20, 2025

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability

Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally....

Security Alerts Nov 17, 2025

CVE-2026-24423: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a mali...

Security Alerts Nov 14, 2025

CVE-2026-1281: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution....

Security Alerts Nov 11, 2025

CVE-2026-24858: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability

Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel vulnerability that could allow an attacker with a FortiCloud account and a registere...

Security Alerts Nov 8, 2025

CVE-2026-21509: Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a secu...

Security Alerts Nov 7, 2025

CVE-2026-23760: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability

SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and ...
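Three entries on this page are password reset flaws of different shapes: OPEXUS eComplaint/eCASE returning the verification code in the HTTP response, Statamic's reset feature letting an attacker capture a user's reset secret, and SmarterMail's force-reset-password endpoint accepting anonymous requests. The block below is an added example written for this page, not code from any of those vendors, showing one reset design that avoids all three: the secret only ever leaves the server out of band, a forced reset is an authenticated administrative action, and the reset link is built from a configured origin rather than anything in the request. Accounts, clock and mail outbox are in-memory stand-ins constructed for the demo; CANONICAL_ORIGIN and TOKEN_TTL_SECONDS are assumed settings.

```python
"""
Added example, not code from OPEXUS, Statamic or SmarterTools: a minimal
password reset flow with the secret never echoed in a response, forced
resets gated on an authenticated administrator, and links built from a
fixed origin. Users, clock and outbox are constructed in-memory stand-ins.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlparse

TOKEN_TTL_SECONDS = 15 * 60
CANONICAL_ORIGIN = "https://app.example.test"  # assumed deployment setting, never the request Host


def token_from_link(link: str) -> str:
    """What the legitimate recipient extracts from the mailed link (demo helper)."""
    return parse_qs(urlparse(link).query)["token"][0]


@dataclass
class ResetRecord:
    token_hash: str      # sha256 of the token; the token itself is never stored
    expires_at: float
    used: bool = False


@dataclass
class ResetService:
    users: Dict[str, dict]                                     # email -> {"is_admin": bool, "password_hash": str}
    pending: Dict[str, ResetRecord] = field(default_factory=dict)
    outbox: List[Tuple[str, str]] = field(default_factory=list)  # (recipient, link) "sent" out of band
    clock: Callable[[], float] = time.time

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email: str) -> dict:
        """Self-service entry point. Anonymous by design, so the response is identical
        whether or not the account exists and never carries the secret."""
        if email in self.users:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            self.pending[email] = ResetRecord(self._digest(token), self.clock() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, f"{CANONICAL_ORIGIN}/reset?token={token}"))
        return {"status": "ok", "message": "If that account exists, a reset link has been sent."}

    def leaky_request_reset(self, email: str) -> dict:
        """The anti-pattern described in the OPEXUS entry: the secret comes back in the
        HTTP response, so knowing an address is enough. Shown for contrast only."""
        result = self.request_reset(email)
        if email in self.users:
            result["verification_code"] = token_from_link(self.outbox[-1][1])
        return result

    def force_reset(self, actor: Optional[str], target: str) -> dict:
        """Administrative forced reset: refused unless the caller is an authenticated admin."""
        if actor is None or not self.users.get(actor, {}).get("is_admin", False):
            raise PermissionError("forced password reset requires an authenticated administrator")
        return self.request_reset(target)

    def complete_reset(self, email: str, token: str, new_password_hash: str) -> bool:
        """Single use, time limited, constant-time comparison against the stored hash."""
        record = self.pending.get(email)
        if record is None or record.used or self.clock() > record.expires_at:
            return False
        if not hmac.compare_digest(record.token_hash, self._digest(token)):
            return False
        record.used = True
        self.users[email]["password_hash"] = new_password_hash
        return True


def forced_reset_allowed(svc: ResetService, actor: Optional[str], target: str) -> bool:
    """Demo helper: did the authorization check let this caller force a reset?"""
    try:
        svc.force_reset(actor, target)
        return True
    except PermissionError:
        return False


def demo_users() -> Dict[str, dict]:
    """Constructed accounts for the demonstration."""
    return {
        "admin@example.test": {"is_admin": True, "password_hash": "argon2$..."},
        "bob@example.test": {"is_admin": False, "password_hash": "argon2$..."},
    }
```

Storing only the hash means a database read does not yield usable tokens, and building the link from CANONICAL_ORIGIN removes the request's Host header from the reset path; which interception route Statamic's bug used is not stated on this page, so that choice is a general hardening rather than a claim about the specific fix.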

Security Alerts Nov 6, 2025

CVE-2026-24061: GNU InetUtils Argument Injection Vulnerability

GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable....

Security Alerts Sep 20, 2025

CVE-2025-15036: Path traversal in MLflow extract_archive_to_dir

A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file of the mlflow/mlflow repository. This vulnerability, present ...
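Archive extraction is the usual home of this bug class: a member named `../something`, or a link whose target points outside the destination, lands wherever the name says. The block below is an added example written for this page, not MLflow's `extract_archive_to_dir`, showing an extractor that vets each member against the filesystem as it exists at that moment. The archive is constructed in memory for the demonstration; on Python 3.12 and later the stdlib `filter="data"` argument performs comparable checks, and the block passes it when available.

```python
"""
Added example, not MLflow's code: extracting an untrusted tar archive without
letting member names or link targets escape the destination directory.
The archive below is constructed in memory for the demonstration.
"""
import io
import os
import tarfile
import tempfile
from typing import List, Tuple


def build_demo_archive() -> bytes:
    """Constructed sample: two benign members plus three that try to escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (("model/weights.bin", b"\x00" * 16),
                              ("model/config.json", b'{"framework": "demo"}')):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        traversal = tarfile.TarInfo("../escape.txt")      # classic ../ in the name
        traversal.size = 4
        tar.addfile(traversal, io.BytesIO(b"pwn\n"))
        link = tarfile.TarInfo("model/link")               # symlink aimed outside
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
        hard = tarfile.TarInfo("model/hard")               # hard link aimed outside
        hard.type = tarfile.LNKTYPE
        hard.linkname = "../../../etc/passwd"
        tar.addfile(hard)
    return buf.getvalue()


def _inside(root: str, candidate: str) -> bool:
    """True if candidate, after resolving symlinks that already exist, lies under root."""
    real_root = os.path.realpath(root)
    real_candidate = os.path.realpath(candidate)
    return os.path.commonpath([real_root, real_candidate]) == real_root


def safe_extract(archive: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Extract member by member. Each path is checked against the filesystem as it
    exists at that moment, so a link extracted earlier cannot redirect a later
    member. Returns (extracted_names, rejected_names)."""
    os.makedirs(dest, exist_ok=True)
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            target = os.path.join(dest, member.name)
            ok = _inside(dest, target)
            if ok and (member.issym() or member.islnk()):
                # symlink targets are relative to the link's directory,
                # hard link targets are relative to the archive root
                base = os.path.dirname(target) if member.issym() else dest
                ok = _inside(dest, os.path.join(base, member.linkname))
            if ok and not (member.isfile() or member.isdir() or member.issym() or member.islnk()):
                ok = False  # devices, fifos and the like are never wanted
            if not ok:
                rejected.append(member.name)
                continue
            tar.extract(member, dest, **extract_kwargs)
            extracted.append(member.name)
    return extracted, rejected


def run_demo() -> dict:
    """Run safe_extract on the constructed archive in a scratch directory and
    report what actually landed on disk, inside and outside the destination."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "artifacts")
        extracted, rejected = safe_extract(build_demo_archive(), dest)
        on_disk = sorted(os.path.relpath(os.path.join(d, f), dest)
                         for d, _, files in os.walk(dest) for f in files)
        escaped = os.path.exists(os.path.join(scratch, "escape.txt"))
        return {"extracted": extracted, "rejected": rejected,
                "on_disk": on_disk, "escaped": escaped}
```

The check deliberately uses `os.path.realpath` on the live filesystem rather than a lexical normalisation of the member name, because a symlink that was itself allowed (pointing inside the destination) can still be chained with `..` in a later member; resolving against what is really on disk catches that, while a name-only check does not.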

Security Alerts Sep 19, 2025

CVE-2025-15379: Command injection in MLflow model serving

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env()` function. When deploying a model with `env_...

Security Alerts Sep 18, 2025

CVE-2025-53521: F5 BIG-IP Unspecified Vulnerability

F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution....

Security Alerts Sep 17, 2025

CVE-2025-32991: Critical Vulnerability in N2WS Backup & Recovery - Immediate Update Required

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution....

Security Alerts Sep 16, 2025

CVE-2025-33244: Critical Vulnerability in NVIDIA APEX for Linux - Immediate Update Required

NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier...

Security Alerts Sep 15, 2025

CVE-2025-60949: Critical Vulnerability in Census CSWeb 8.0.1 - Immediate Update Required

Census CSWeb 8.0.1 allows app/config to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8...

Security Alerts Sep 14, 2025

CVE-2025-71275: Critical Vulnerability in Zimbra Zimbra Collaboration Suite - Immediate Update Required

Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting ...

Security Alerts Sep 13, 2025

CVE-2025-31277: Apple Multiple Products Buffer Overflow Vulnerability

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corrup...

Security Alerts Sep 12, 2025

CVE-2025-32432: High-Risk Craft CMS Vulnerability (EPSS: 79%)

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code....

Security Alerts Sep 11, 2025

CVE-2025-43510: Apple Multiple Products Improper Locking Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes....

Security Alerts Sep 10, 2025

CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write ...

Security Alerts Sep 9, 2025

CVE-2025-54068: Laravel Livewire Code Injection Vulnerability

Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios....

Security Alerts Sep 8, 2025

CVE-2025-60233: Deserialization in Themeton Zuut

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection. This issue affects Zuut: from n/a through 1.4.2....

Security Alerts Sep 7, 2025

CVE-2025-60237: Deserialization in Themeton Finag

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection. This issue affects Finag: from n/a through 1.5.0....

Security Alerts Aug 23, 2025

CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML....

Security Alerts Jul 27, 2025

CVE-2025-68613: High-Risk n8n Vulnerability (EPSS: 79%)

n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution....

Security Alerts Jul 26, 2025

CVE-2025-26399: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine....

Security Alerts Jul 19, 2025

CVE-2025-40538: Access control bypass in SolarWinds Serv-U

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via do...

Security Alerts Jul 18, 2025

CVE-2025-40539: Type confusion leading to RCE in SolarWinds Serv-U

Security Alert - CVE-2025-40539 (SolarWinds Serv-U). CVSS: 9.1 (critical). EPSS: 0%.

Security Alerts Jul 17, 2025

CVE-2025-40540: Type confusion leading to RCE in SolarWinds Serv-U

Security Alert - CVE-2025-40540 (SolarWinds Serv-U). CVSS: 9.1 (critical). EPSS: 0%.

Security Alerts Jul 16, 2025

CVE-2025-40541: IDOR leading to RCE in SolarWinds Serv-U

Security Alert - CVE-2025-40541 (SolarWinds Serv-U). CVSS: 9.1 (critical). EPSS: 0%.

Security Alerts Jul 12, 2025

CVE-2025-49113: High-Risk Webmail Vulnerability (EPSS: 90%)

RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/a...

Security Alerts Jul 11, 2025

CVE-2025-68461: RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document....

Security Alerts Jul 10, 2025

CVE-2025-12107: Server-side template injection in WSO2 Identity Server

Security Alert - CVE-2025-12107 (WSO2 Identity Server). CVSS: 10.0 (critical). EPSS: 0%.

Security Alerts Jul 9, 2025

CVE-2025-13590: Remote code execution in WSO2 API Control Plane

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code exec...

Security Alerts Jul 8, 2025

CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute ...

Security Alerts Jul 7, 2025

CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality....

Security Alerts Jul 5, 2025

CVE-2025-11953: React Native Community CLI OS Command Injection Vulnerability

React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary ex...

Security Alerts Jul 4, 2025

CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This co...

Security Alerts Jul 3, 2025

CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability

Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> ch...

Security Alerts Jun 30, 2025

CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail se...

Security Alerts Feb 26, 2025

CVE-2016-20049: Buffer overflow in JAD

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers ...

Security Alerts Feb 25, 2025

CVE-2017-20225: Buffer overflow in Ticalc Tiemu

TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can...

Security Alerts Feb 24, 2025

CVE-2017-20227: Buffer overflow in Varaneckas Jad Java Decompiler

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boun...

Security Alerts Feb 23, 2025

CVE-2017-20229: Buffer overflow in Invisible Island Mawk

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers ...

Security Alerts Feb 22, 2025

CVE-2018-25220: Buffer overflow in Bochs Project Bochs

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malici...

Security Alerts Feb 21, 2025

CVE-2018-25221: Buffer overflow in Echatserver Easy Chat Server

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can se...

Security Alerts Feb 20, 2025

CVE-2018-25223: Buffer overflow in Ftnapps Crashmail Ii

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads wi...

Security Alerts Feb 19, 2025

CVE-2014-125112: Remote code execution in Perl Plack::Middleware::Session::Cookie

Plack::Middleware::Session::Cookie versions through 0.21 for Perl allow remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 have a security vulnerability where it allows a...

Security Alerts Feb 18, 2025

CVE-2019-25628: Critical Vulnerability in Download Accelerator Plus DAP - Immediate Update Required

Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attacker...

Security Alerts Feb 17, 2025

CVE-2019-25646: Critical Vulnerability in Tabs Mail Carrier 2.5.1 - Immediate Update Required

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attacker...

Security Alerts Feb 16, 2025

CVE-2019-25614: Critical Vulnerability in Free Float FTP 1.0 - Immediate Update Required

Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized paylo...

Security Alerts Feb 15, 2025

CVE-2006-10003: Critical buffer overflow in Perl XML::Parser - Immediate Update Required

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will ...

Security Alerts Oct 5, 2024

CVE-2021-22054: 2021 Vulnerability Now Actively Exploited (Omnissa)

Omnissa Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send t...

Security Alerts Sep 30, 2024

CVE-2017-7921: 2017 Vulnerability Now Actively Exploited (Hikvision)

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information....

Security Alerts Sep 29, 2024

CVE-2021-22681: 2021 Vulnerability Now Actively Exploited (Rockwell)

Multiple Rockwell products contain an insufficiently protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controlle...

Security Alerts Sep 28, 2024

CVE-2021-30952: 2021 Vulnerability Now Actively Exploited (Apple)

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution...

Security Alerts Sep 27, 2024

CVE-2023-41974: 2023 Vulnerability Now Actively Exploited (Apple)

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges....

Security Alerts Sep 26, 2024

CVE-2023-43000: 2023 Vulnerability Now Actively Exploited (Apple)

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption....

Security Alerts Sep 14, 2024

CVE-2022-20775: 2022 Vulnerability Now Actively Exploited (Cisco)

Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CL...

Security Alerts Sep 10, 2024

CVE-2008-0015: 2008 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the ...

Security Alerts Sep 9, 2024

CVE-2020-7796: 2020 Vulnerability Now Actively Exploited (Synacor)

Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if the WebEx zimlet is installed and zimlet JSP is enabled....

Security Alerts Sep 8, 2024

CVE-2024-7694: 2024 Vulnerability Now Actively Exploited (TeamT5)

TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remo...

Security Alerts Sep 7, 2024

CVE-2024-43468: 2024 Vulnerability Now Actively Exploited (Microsoft)

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment wh...

Security Alerts Sep 4, 2024

CVE-2019-19006: 2019 Vulnerability Now Actively Exploited (Sangoma)

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin....

Security Alerts Aug 29, 2024

CVE-2018-14634: 2018 Vulnerability Now Actively Exploited (Linux)

Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalat...