179
CVEs
41
Threats
0
News
5
Critical
5
CISA KEV
🛡 Security Vulnerabilities (CVE)
CVE-2014-7169
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability — GNU Bash through 4.3 processes trailing strings a
11:01 KSA
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability…
CVE-2014-8361
Realtek SDK Improper Input Validation Vulnerability — Realtek SDK contains an improper input validation vulnerability in
11:01 KSA
Realtek SDK Improper Input Validation Vulnerability — Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
CVE-2014-8439
Adobe Flash Player Dereferenced Pointer Vulnerability — Adobe Flash Player has a vulnerability in the way it handles a d
11:01 KSA
Adobe Flash Player Dereferenced Pointer Vulnerability — Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
CVE-2014-9163
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability — Stack-based buffer overflow in Adobe Flash Player allows
11:01 KSA
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability — Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
CVE-2015-0016
Microsoft Windows TS WebProxy Directory Traversal Vulnerability — Directory traversal vulnerability in the TS WebProxy (
11:01 KSA
Microsoft Windows TS WebProxy Directory Traversal Vulnerability — Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
CVE-2019-25647
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attac
06:54 KSA
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint…
CVE-2025-41660
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enab
11:22 KSA
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
CVE-2026-30932
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessi
23:54 KSA
Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TLSA). An attacker can inject newlines and …
CVE-2026-33336
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, t
21:55 KSA
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place…
CVE-2026-3533
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_pop
11:22 KSA
The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in the upload_files() function in all versions up to, and including, 4.14.1. This makes it …
CVE-2026-4639
Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated rem
11:22 KSA
Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.
CVE-2026-4687
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149
06:54 KSA
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4690
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects
06:54 KSA
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2019-25626
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows lo
11:22 KSA
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed…
CVE-2019-25627
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to exec
11:22 KSA
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and S…
CVE-2019-25629
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functional
11:22 KSA
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monito…
CVE-2019-25631
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attac
11:22 KSA
AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can inject egg hunter shellcode through the SMTP display name fie…
CVE-2019-25633
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attack
11:22 KSA
AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and report wizard interfaces. Attackers can inject crafted payloads int…
CVE-2019-25634
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitra
11:22 KSA
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that overflows a buffer, overwrites the SEH cha…
CVE-2019-25637
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code
11:22 KSA
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers can inject shellcode into memory and use an egg hunter technique to locate and exe…
CVE-2019-25635
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate
11:22 KSA
Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive dat…
CVE-2019-25636
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database
11:22 KSA
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php…
CVE-2019-25639
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to
11:22 KSA
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, r…
CVE-2019-25640
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate databas
11:22 KSA
Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive dat…
CVE-2019-25641
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate data
11:22 KSA
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten_passw…
CVE-2019-25642
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary
11:22 KSA
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the thread_id parameter of forum-thread.php, the subjec…
CVE-2019-25643
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute ar
06:54 KSA
eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid p…
CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to
18:01 KSA
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or des…
CVE-2026-32853
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the
21:55 KSA
LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checkin…
CVE-2026-33668
Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, w
21:55 KSA
Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — A…
CVE-2026-4021
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in
11:22 KSA
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in `users-registry-check-after-email-or-pin-confirmation.php` using the…
CVE-2026-4718
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Th
18:01 KSA
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-33335
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, t
21:55 KSA
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from `window.open()` calls directly to `shell.openExternal()` without any validation or protocol allowlisting. A…
CVE-2025-33247
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code executi
23:54 KSA
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2025-33248
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convin
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information dis…
CVE-2026-24150
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a use
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, a…
CVE-2026-24151
NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to lo
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and dat…
CVE-2026-24152
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a use
23:54 KSA
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, a…
CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow
18:01 KSA
The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX…
CVE-2026-32647
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker t
18:01 KSA
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 fil…
CVE-2026-32948
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Proce
23:54 KSA
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to thes…
CVE-2026-4775
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the
18:01 KSA
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer …
CVE-2026-27651
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause
18:01 KSA
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by retu…
CVE-2026-30653
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuth
18:01 KSA
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF
CVE-2026-32854
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the
21:55 KSA
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. A…
CVE-2026-33174
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, a
11:22 KSA
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sendi…
CVE-2026-33176
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to v
11:22 KSA
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which `BigDecimal` expands …
CVE-2026-33241
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method
11:22 KSA
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM) condit…
CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer o
23:54 KSA
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 t…
CVE-2026-33332
NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and app.add_media_files()
23:54 KSA
NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file() and app.add_media_files() media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implem…
CVE-2026-33497
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_p
18:01 KSA
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which a…
CVE-2026-33498
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang th…
CVE-2026-33508
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocke…
CVE-2026-33509
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97,
23:54 KSA
pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the set_config_value() API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.s…
CVE-2026-33538
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider na…
CVE-2026-3509
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of th
11:22 KSA
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
CVE-2026-4640
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated re
11:22 KSA
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information.
CVE-2026-4662
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all version
11:22 KSA
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3.8.6.1. This is due to the `filtered_query` parameter being excluded from the HMAC signature validation (allowing attacker-controlled i…
CVE-2026-4685
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR
06:54 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4686
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR
06:54 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4693
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox
06:54 KSA
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4694
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Fir
06:54 KSA
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4695
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefo
06:54 KSA
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4697
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefo
06:54 KSA
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4699
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox
06:54 KSA
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4704
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thu
06:54 KSA
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4706
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR
06:54 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4707
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR
18:01 KSA
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4708
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9,
18:01 KSA
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4709
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR <
18:01 KSA
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4712
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Th
18:01 KSA
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4713
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9,
18:01 KSA
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4714
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.
18:01 KSA
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4719
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 1
18:01 KSA
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4726
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
18:01 KSA
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVE-2026-4727
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
18:01 KSA
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVE-2026-4613
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /pr
11:22 KSA
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be…
CVE-2026-4615
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the
11:22 KSA
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available an…
CVE-2026-4617
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element
11:22 KSA
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper …
CVE-2026-4623
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c
11:22 KSA
A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument ur…
CVE-2026-4624
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown
11:22 KSA
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack ca…
CVE-2026-4625
A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /progr
11:22 KSA
A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and m…
CVE-2026-4632
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of
11:22 KSA
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack ma…
CVE-2026-33157
Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RC
21:55 KSA
Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing …
CVE-2026-33539
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version
23:54 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.59 and 9.6.0-alpha.53, an attacker with master key access can execute arbitrary SQL statements on the PostgreSQL database by injecting SQL metacharacters …
CVE-2026-4627
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_tim
11:22 KSA
A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handler_update_system_time of the file libdeuteron_modules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This v…
CVE-2019-25638
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute
11:22 KSA
Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL pay…
CVE-2019-25574
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files an
09:54 KSA
Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply base64-enc…
CVE-2019-25582
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensi
09:54 KSA
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths…
CVE-2019-25600
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by sup
09:54 KSA
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field an…
CVE-2019-25610
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users
09:54 KSA
NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated users to download arbitrary files by injecting directory traversal sequences. Attackers can manipulate the path parameter with base64-encoded payloads containing ../…
CVE-2025-10736
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for
09:54 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and incl…
CVE-2025-6229
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Tabl
09:54 KSA
The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Fancy Text Widget` And `Countdown Wid…
CVE-2025-71276
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
09:54 KSA
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
CVE-2026-3427
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-
09:54 KSA
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `jsonText` block attribute in all versions up to, and including, 27.1.1 due to insufficient input sanitization and output escaping. T…
CVE-2026-4513
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the fi
09:54 KSA
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public a…
CVE-2026-4514
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/ad
09:54 KSA
A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The atta…
CVE-2026-4515
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the
09:54 KSA
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been discl…
CVE-2026-4516
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file
09:54 KSA
A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely.…
CVE-2026-4533
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown fu
09:54 KSA
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exp…
CVE-2026-4543
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin
09:54 KSA
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to…
CVE-2026-4548
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function
09:54 KSA
A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launch…
CVE-2026-4554
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the f
09:54 KSA
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been r…
CVE-2026-4568
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file
09:54 KSA
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remot…
CVE-2026-4569
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the
09:54 KSA
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of th…
CVE-2026-4570
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the
09:54 KSA
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be execu…
CVE-2026-4571
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is
09:54 KSA
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results …
CVE-2026-4572
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown
09:54 KSA
A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injec…
CVE-2026-4573
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part
09:54 KSA
A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection…
CVE-2026-4574
A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of
09:54 KSA
A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. Th…
CVE-2026-4586
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-serve
09:54 KSA
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upl…
CVE-2026-4589
A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file
09:54 KSA
A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component fileGet Endpoint. Such manipulation of the argument path leads to server-side r…
CVE-2019-25544
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providi
09:54 KSA
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when j…
CVE-2019-25545
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the applic
09:54 KSA
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' …
CVE-2019-25546
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the
09:54 KSA
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when …
CVE-2019-25547
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash
09:54 KSA
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and …
CVE-2019-25548
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application b
09:54 KSA
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to…
CVE-2019-25549
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the applicatio
09:54 KSA
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fiel…
CVE-2019-25550
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputti
09:54 KSA
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog …
CVE-2019-25551
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supply
09:54 KSA
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' f…
CVE-2019-25553
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the applicatio
09:54 KSA
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import funct…
CVE-2019-25555
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows lo
09:54 KSA
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the D…
CVE-2019-25556
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local
09:54 KSA
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to tri…
CVE-2019-25557
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the applic
09:54 KSA
TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player…
CVE-2019-25558
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers t
09:54 KSA
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trig…
CVE-2019-25561
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by sup
09:54 KSA
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of…
CVE-2019-25563
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by
09:54 KSA
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer…
CVE-2019-25565
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows
09:54 KSA
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Seria…
CVE-2019-25566
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the
09:54 KSA
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characters, paste the content into the volume nam…
CVE-2019-25567
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that al
09:54 KSA
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnerability by pasting a crafted buffer exceed…
CVE-2019-25569
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allow
09:54 KSA
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string wit…
CVE-2019-25571
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by op
09:54 KSA
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of d…
CVE-2019-25572
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submit
09:54 KSA
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an app…
CVE-2019-25583
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash
09:54 KSA
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an ap…
CVE-2019-25584
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local
09:54 KSA
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field …
CVE-2019-25585
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplyi
09:54 KSA
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an ap…
CVE-2019-25586
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplyi
09:54 KSA
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an …
CVE-2019-25587
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration paramete
09:54 KSA
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and…
CVE-2019-25588
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local
09:54 KSA
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a bu…
CVE-2019-25589
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local at
09:54 KSA
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into the Shell configuration field and trigger a…
CVE-2019-25590
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash
09:54 KSA
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characte…
CVE-2019-25591
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field tha
09:54 KSA
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a denial of service by pasting a malicious reg…
CVE-2019-25592
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supply
09:54 KSA
PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to tr…
CVE-2019-25594
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by su
09:54 KSA
ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table c…
CVE-2019-25595
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the applicati
09:54 KSA
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open U…
CVE-2019-25596
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to c
09:54 KSA
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input duri…
CVE-2019-25597
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attacke
09:54 KSA
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function …
CVE-2019-25598
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the applic
09:54 KSA
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL …
CVE-2019-25599
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the applicatio
09:54 KSA
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to t…
CVE-2019-25601
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows
09:54 KSA
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Prop…
CVE-2019-25616
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application b
09:54 KSA
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
CVE-2019-25617
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local atta
09:54 KSA
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the…
CVE-2019-25618
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by su
09:54 KSA
AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input through the System Compare feature. Attackers can paste a large buffer of characters into the Folder Path field and trigger the compari…
CVE-2019-25620
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by prov
09:54 KSA
Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causi…
CVE-2019-25621
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by pro
09:54 KSA
Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to beco…
CVE-2019-25622
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by pro
09:54 KSA
Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read i…
CVE-2019-25623
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by
09:54 KSA
Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to pr…
CVE-2019-25624
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by pr
09:54 KSA
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, cau…
CVE-2019-25625
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by prov
09:54 KSA
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application t…
CVE-2026-4603
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsi
09:54 KSA
Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption)…
CVE-2019-25554
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the applica
09:54 KSA
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when …
CVE-2019-25559
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local atta
09:54 KSA
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registra…
CVE-2019-25562
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to
09:54 KSA
jetAudio 8.1.7 contains a buffer overflow vulnerability in the video converter component that allows local attackers to crash the application by supplying an oversized string in the File Naming field. Attackers can paste a malicious buffer of 512 bytes into the File Naming parame…
CVE-2019-25564
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by
09:54 KSA
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Group field. Attackers can paste a buffer overflow payload into the Group property field and click Ok to trigger an …
CVE-2019-25570
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the ap
09:54 KSA
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the ope…
CVE-2019-25577
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arb
09:54 KSA
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend…
CVE-2019-25593
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by su
09:54 KSA
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then …
CVE-2019-25602
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by input
09:54 KSA
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to…
CVE-2019-25606
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the applicat
09:54 KSA
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the …
CVE-2026-4542
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageControl
09:54 KSA
A vulnerability has been found in SSCMS 4.7.0. The affected element is an unknown function of the file LayerImageController.Submit.cs of the component layerImage Endpoint. Such manipulation of the argument filePaths leads to path traversal. The attack may be performed from remote…
CVE-2025-10731
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for
09:54 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it poss…
CVE-2025-10734
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for
09:54 KSA
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for …
CVE-2025-13997
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin f
09:54 KSA
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML…
CVE-2026-4530
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/tex
09:54 KSA
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The ex…
CVE-2026-4532
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vuln
09:54 KSA
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories ac…
CVE-2026-4538
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loadi
09:54 KSA
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be…
CVE-2026-2756
A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the
09:54 KSA
A security vulnerability has been detected in OmniPEMF NeoRhythm up to 20260308. This affects an unknown function of the component BLE Interface. Such manipulation leads to missing authentication. The attack can only be initiated within the local network. This attack is character…
CVE-2026-4582
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerabili
09:54 KSA
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the loc…
CVE-2026-4583
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown fun
09:54 KSA
A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results in authentication bypass by capture-replay. The attack must originate from the …
⚠️ Threat Intelligence
41 threats
rss:The Hacker News
—
06:13 KSA
<strong>Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks</strong>
Citrix released security updates for two vulnerabilities in NetScaler ADC and Gateway, including CVE-2026-3055 (CVSS 9.3), a critical input validation flaw allowing unauthenticated…
rss:SecurityWeek
—
06:12 KSA
<strong>Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool</strong>
Israel successfully hijacked Iran's extensive street surveillance camera network and weaponized it for targeted operations, including the assassination of Iran's supreme …
rss:BleepingComputer
—
06:10 KSA
<strong>Tycoon2FA phishing platform returns after recent police disruption</strong>
Tycoon2FA phishing-as-a-service platform has resumed full operations shortly after Europol disruption on March 4. The platform's rapid recovery demonstrates resilience of cybercrime infrastructur…
rss:The Hacker News
—
05:43 KSA
<strong>U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage</strong>
A 26-year-old Russian national received a 6.75-year prison sentence in the U.S. for assisting major cybercrime groups, including Yanluowang ransomware operators, in attacks against U.S…
rss:The Hacker News
—
05:43 KSA
<strong>TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials</strong>
Threat actor TeamPCP compromised two GitHub Actions workflows maintained by Checkmarx using credential-stealing malware. This attack follows their previous Trivy supply chain compromise, demonstr…
rss:The Hacker News
—
05:43 KSA
<strong>Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials</strong>
Researchers discovered malicious npm packages in the Ghost campaign designed to steal cryptocurrency wallets and sensitive credentials. Seven packages published by user 'mikilanjillo' tar…
rss:SecurityWeek
—
05:42 KSA
<strong>3.1 Million Impacted by QualDerm Data Breach</strong>
QualDerm suffered a major data breach affecting 3.1 million individuals with hackers stealing personal information, medical records, and health insurance data from internal systems. This healthcare sector breach highl…
rss:SecurityWeek
—
05:42 KSA
<strong>Webinar Today: Putting CIS Controls and Benchmarks into Practice</strong>
Educational webinar focusing on implementing CIS Critical Security Controls and CIS Benchmarks for secure configuration management at enterprise scale. Provides guidance on standardizing security c…
rss:SecurityWeek
—
05:42 KSA
<strong>Chrome 146 Update Patches High-Severity Vulnerabilities</strong>
Google Chrome 146 update addresses eight memory safety vulnerabilities across seven components with high severity ratings. Organizations using Chrome should prioritize immediate deployment to prevent potent…
rss:Dark Reading
—
05:41 KSA
<strong>Ransomware's New Era: Moving at AI Speed</strong>
Ransomware operators are leveraging AI technologies to accelerate attack speeds and evade security controls. Attackers exploit legitimate credentials and focus on data exfiltration, using AI to automate reconnaissanc…
rss:Dark Reading
—
05:41 KSA
<strong>AI in the SOC: What Could Go Wrong?</strong>
Two cybersecurity leaders conducted a six-month pilot testing AI integration in their Security Operations Centers. The study reveals practical challenges and lessons learned from implementing AI-driven security automation in r…
rss:Dark Reading
—
05:41 KSA
<strong>Trivy Supply Chain Attack Targets CI/CD Secrets</strong>
Threat actors weaponized the open-source Trivy security scanning tool to deploy an infostealer malware into CI/CD pipelines. The attack successfully exfiltrated cloud credentials, SSH keys, authentication tokens, a…
rss:BleepingComputer
—
05:40 KSA
<strong>Mazda discloses security breach exposing employee and partner data</strong>
Mazda Motor Corporation disclosed a security incident detected in December that exposed information belonging to employees and business partners. The breach affects a major automotive manufacture…
rss:BleepingComputer
—
05:40 KSA
<strong>OpenAI rolls out ChatGPT Library to store your personal files</strong>
OpenAI introduced a new 'Library' feature for ChatGPT that enables users to store personal files and images on OpenAI's cloud storage for future reference. This raises data privacy and security consid…
rss:BleepingComputer
—
05:40 KSA
<strong>Dutch Ministry of Finance discloses breach affecting employees</strong>
The Dutch Ministry of Finance confirmed a cyberattack that breached some of its systems, detected last week. The incident affected employee data and represents a significant breach of a critical gove…
rss:BleepingComputer
—
05:39 KSA
<strong>Yanluowang ransomware access broker gets 81 months in prison</strong>
A Russian national received an 81-month prison sentence for operating as an initial access broker for Yanluowang ransomware operations. This conviction demonstrates international law enforcement cooper…
rss:BleepingComputer
—
05:39 KSA
<strong>Infinite Campus warns of breach after ShinyHunters claims data theft</strong>
Infinite Campus, a major K-12 student information system, disclosed a data breach following extortion attempts by threat actors. The breach affects educational institutions and potentially expo…
rss:BleepingComputer
—
05:39 KSA
<strong>HackerOne discloses employee data breach after Navia hack</strong>
Bug bounty platform HackerOne suffered a supply chain breach affecting hundreds of employees after attackers compromised Navia, its U.S. benefits administrator. The incident highlights third-party vendor …
rss:The Hacker News
—
05:23 KSA
<strong>5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents</strong>
Gartner published its first Market Guide for Guardian Agents on February 25, 2026, establishing a new category in cybersecurity technology. This guide defines the emerging market for AI-pow…
rss:The Hacker News
—
05:23 KSA
<strong>The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills</strong>
Despite increased specialization and advanced tooling in cybersecurity, organizations continue struggling with fundamental security challenges. The article highlights how over-specializa…
rss:The Hacker News
—
05:23 KSA
<strong>Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner</strong>
An active phishing campaign targets French-speaking corporate environments using fake resumes containing highly obfuscated VBScript files. The attack deploys cryptocurrency miners a…
rss:SecurityWeek
—
05:23 KSA
<strong>Extortion Group Claims It Hacked AstraZeneca</strong>
The Lapsus$ extortion group claims to have breached AstraZeneca, allegedly compromising internal code repositories, employee credentials, and sensitive employee data. This represents a significant data breach targetin…
rss:SecurityWeek
—
05:23 KSA
<strong>RSAC 2026 Conference Announcements Summary (Day 1)</strong>
Summary of vendor announcements made on the first day of the RSA Conference 2026. The article covers new cybersecurity products, services, and solutions presented by various security vendors at the industry's pr…
rss:SecurityWeek
—
05:23 KSA
<strong>Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector</strong>
Poland experienced a surge in cyberattacks in 2025, including a destructive infiltration of its energy infrastructure in December suspected to originate from Russia. The…
rss:Dark Reading
—
05:21 KSA
<strong>Microsoft Proposes Better Identity, Guardrails for AI Agents</strong>
Microsoft has introduced new security features to address emerging threats from agentic AI systems. The proposed controls focus on enhanced identity management and protective guardrails to help organiz…
rss:Dark Reading
—
05:21 KSA
<strong>How a Large Bank Uses AI Digital Twins for Threat Hunting</strong>
JPMorgan Chase has implemented AI-powered digital twins and digital fingerprinting technology for advanced threat hunting capabilities. This approach enables the bank to identify malicious actors and susp…
rss:Dark Reading
—
05:21 KSA
<strong>GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead</strong>
A sophisticated AI-assisted campaign has distributed over 300 malicious packages disguised as legitimate software including developer tools and game cheats through GitHub. The trojanized packages …
rss:CISA Advisories
—
05:20 KSA
<strong>Schneider Electric Plant iT/Brewmaxx</strong>
Critical vulnerabilities discovered in Schneider Electric Plant iT/Brewmaxx version 9.60 and above could allow privilege escalation leading to remote code execution. These flaws pose significant risks to industrial control sy…
rss:BleepingComputer
—
05:20 KSA
<strong>Firefox now has a free built-in VPN with 50GB monthly data limit</strong>
Mozilla Firefox 149 introduces a built-in VPN feature providing 50GB monthly data allowance for enhanced user privacy. This privacy tool aims to protect browsing activities and encrypt internet tra…
rss:BleepingComputer
—
05:20 KSA
<strong>Microsoft fixes bug causing Classic Outlook sync issues with Gmail</strong>
Microsoft resolved a bug affecting email synchronization between Classic Outlook and Gmail/Yahoo services. The fix addresses connection and sync problems that impacted business email communicatio…
rss:BleepingComputer
—
05:20 KSA
<strong>Zero Trust: Bridging the Gap Between Authentication and Trust</strong>
Multi-factor authentication alone is insufficient as attackers can hijack session tokens and bypass identity verification. Zero Trust architecture requires continuous verification of both user identit…
rss:The Hacker News
—
05:10 KSA
<strong>Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR</strong>
A large-scale malvertising campaign since January 2025 targets U.S. users searching for tax documents, delivering malicious ConnectWise ScreenConnect installers. The malware deploys …
rss:The Hacker News
—
05:10 KSA
<strong>TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise</strong>
Threat actor TeamPCP compromised the popular Python package LiteLLM (versions 1.82.7-1.82.8) through CI/CD pipeline attacks on Trivy and KICS. The malicious versions contain credential h…
rss:SecurityWeek
—
05:09 KSA
<strong>Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw</strong>
Agentic AI systems are evolving from passive tools to autonomous agents with direct system access, raising significant governance and security concerns. The OpenClaw case demonstrates the need…
rss:SecurityWeek
—
05:09 KSA
<strong>DoE Publishes 5-Year Energy Security Plan</strong>
The US Department of Energy's CESER launched Project Armor, a five-year initiative to strengthen critical energy infrastructure security. The plan focuses on hardening energy systems against cyber threats and improving r…
rss:Malwarebytes Lab
—
05:09 KSA
<strong>Scam compounds hiring &#8220;AI models&#8221; to seal the deal in deepfake video calls</strong>
Scam operations are hiring women to participate in deepfake video calls, overlaying their faces onto victims to make fraud schemes appear legitimate. This tactic addre…
rss:Malwarebytes Lab
—
05:09 KSA
<strong>FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts</strong>
FBI and CISA, alongside European agencies, warn of a large-scale Russian social engineering campaign targeting Signal and WhatsApp messaging accounts. The attack is highly scalable and expl…
rss:CISA Advisories
—
05:07 KSA
<strong>Grassroots DICOM (GDCM)</strong>
Vulnerability (CVE-2026-3650) in Grassroots DICOM library version 3.2.2 allows attackers to trigger denial-of-service conditions through specially crafted files. This affects medical imaging systems that parse DICOM files for healthcare o…
rss:CISA Advisories
—
05:07 KSA
<strong>Pharos Controls Mosaic Show Controller</strong>
Critical vulnerability (CVE-2026-2417) in Pharos Controls Mosaic Show Controller firmware 2.15.3 allows unauthenticated remote attackers to execute arbitrary commands with root privileges. This represents a complete system …
rss:CISA Advisories
—
05:07 KSA
<strong>Schneider Electric EcoStruxure Foxboro DCS</strong>
Schneider Electric disclosed a vulnerability in its EcoStruxure Foxboro DCS Control Software affecting workstations and servers. Core control services and runtime components remain unaffected, limiting the scope to mana…
rss:BleepingComputer
—
05:07 KSA
<strong>FCC bans new routers made outside the USA over security risks</strong>
The U.S. Federal Communications Commission has banned the sale of new consumer routers manufactured in foreign countries by adding them to its Covered List. This regulatory action addresses national s…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Tuesday, March 24, 2026
CVE Archive ·
Threats ·
News