📅 Daily Security Digest — Sunday, April 5, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

145 CVEs
3 Threats
0 News
31 Critical
31 CISA KEV
🛡 Security Vulnerabilities (CVE)
145 vulnerabilities
CVE-2016-0189
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Internet Explorer Memory Corruption Vulnerability — The Microsoft JScript and VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-0752
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ruby on Rails Directory Traversal Vulnerability — Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
CVE-2016-0984
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Adobe Flash Player and AIR Use-After-Free Vulnerability — Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
CVE-2016-10033
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
PHPMailer Command Injection Vulnerability — PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute…
CVE-2016-1010
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Adobe Flash Player and AIR Integer Overflow Vulnerability — Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
CVE-2016-10174
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability — The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
CVE-2016-1019
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Adobe Flash Player Arbitrary Code Execution Vulnerability — Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
CVE-2016-11021
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
D-Link DCS-930L Devices OS Command Injection Vulnerability — setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
CVE-2016-1555
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
NETGEAR Multiple WAP Devices Command Injection Vulnerability — Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
CVE-2016-1646
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Out-of-Bounds Read Vulnerability — Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability coul…
CVE-2016-20017
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
D-Link DSL-2750B Devices Command Injection Vulnerability — D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
CVE-2016-2386
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SAP NetWeaver SQL Injection Vulnerability — SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-2388
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SAP NetWeaver Information Disclosure Vulnerability — The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
CVE-2016-3088
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apache ActiveMQ Improper Input Validation Vulnerability — The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
CVE-2016-3235
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office OLE DLL Side Loading Vulnerability — Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code …
CVE-2016-3298
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability — An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow th…
CVE-2016-3309
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Kernel Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
CVE-2016-3351
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability — An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files …
CVE-2016-3393
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability — A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control…
CVE-2016-3427
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Oracle Java SE and JRockit Unspecified Vulnerability — Oracle Java SE and JRockit contain an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability …
CVE-2016-3643
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SolarWinds Virtualization Manager Privilege Escalation Vulnerability — SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.
CVE-2016-3714
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ImageMagick Improper Input Validation Vulnerability — ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in …
CVE-2016-3715
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ImageMagick Arbitrary File Deletion Vulnerability — ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.
CVE-2016-3718
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ImageMagick Server-Side Request Forgery (SSRF) Vulnerability — ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.
CVE-2016-3976
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SAP NetWeaver Directory Traversal Vulnerability — SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
CVE-2016-4117
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Adobe Flash Player Arbitrary Code Execution Vulnerability — An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
CVE-2016-4171
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Adobe Flash Player Remote Code Execution Vulnerability — Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
CVE-2016-4437
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apache Shiro Code Execution Vulnerability — Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.
CVE-2016-4523
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability — The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).
CVE-2016-4655
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS Information Disclosure Vulnerability — The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application.
CVE-2016-4656
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS Memory Corruption Vulnerability — A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.
CVE-2019-25671
04:54 KSA
HIGH CVSS 8.8 CWE-22
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the…
CVE-2019-25673
11:00 KSA
HIGH CVSS 8.8 CWE-434
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to F…
CVE-2019-25685
18:17 KSA
HIGH CVSS 8.8 CWE-22
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrar…
CVE-2026-20094
15:19 KSA
HIGH CVSS 8.8 CWE-77
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to i…
CVE-2026-5544
23:18 KSA
HIGH CVSS 8.8 CWE-119
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remote…
CVE-2026-5548
23:18 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated …
CVE-2026-5550
23:18 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.
CVE-2026-5566
17:36 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The expl…
CVE-2026-5567
17:36 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be execu…
CVE-2026-5604
18:17 KSA
HIGH CVSS 8.8 CWE-119
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overf…
CVE-2019-25656
22:36 KSA
HIGH CVSS 8.4 CWE-787
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messag…
CVE-2019-25670
04:54 KSA
HIGH CVSS 8.4 CWE-787
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next st…
CVE-2019-25681
18:17 KSA
HIGH CVSS 8.4 CWE-787
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program executio…
CVE-2019-25662
22:36 KSA
HIGH CVSS 8.2 CWE-89
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads…
CVE-2019-25668
04:54 KSA
HIGH CVSS 8.2 CWE-89
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to ext…
CVE-2019-25669
04:54 KSA
HIGH CVSS 8.2 CWE-89
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Attackers can send POST requests to the users endpoint with malicious search_by_extrafields[] values to trigg…
CVE-2019-25672
04:54 KSA
HIGH CVSS 8.2 CWE-89
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injec…
CVE-2019-25674
12:16 KSA
HIGH CVSS 8.2 CWE-89
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database info…
CVE-2019-25675
12:16 KSA
HIGH CVSS 8.2 CWE-89
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-base…
CVE-2019-25676
17:08 KSA
HIGH CVSS 8.2 CWE-79
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code th…
CVE-2019-25678
17:08 KSA
HIGH CVSS 8.2 CWE-306
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpo…
CVE-2019-25680
18:17 KSA
HIGH CVSS 8.2 CWE-89
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search req…
CVE-2019-25684
18:17 KSA
HIGH CVSS 8.2 CWE-89
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to…
CVE-2019-25690
18:17 KSA
HIGH CVSS 8.2 CWE-89
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract s…
CVE-2026-35091
07:16 KSA
HIGH CVSS 8.2 CWE-253
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing …
CVE-2026-4101
19:32 KSA
HIGH CVSS 8.1 CWE-287
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load conditions could allow an attacker to…
CVE-2026-4347
19:32 KSA
HIGH CVSS 8.1 CWE-22
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for un…
CVE-2026-20155
19:32 KSA
HIGH CVSS 8.0 CWE-862
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to imp…
CVE-2019-25679
17:08 KSA
HIGH CVSS 7.8 CWE-787
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP…
CVE-2019-25686
18:17 KSA
HIGH CVSS 7.5 CWE-306
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigge…
CVE-2026-33614
21:21 KSA
HIGH CVSS 7.5 CWE-89
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-33616
21:21 KSA
HIGH CVSS 7.5 CWE-89
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
CVE-2026-35092
12:00 KSA
HIGH CVSS 7.5 CWE-190
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This v…
CVE-2026-5032
19:32 KSA
HIGH CVSS 7.5 CWE-200
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which…
CVE-2026-0932
06:00 KSA
HIGH CVSS 7.3 CWE-918
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allows an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.
CVE-2026-1345
19:32 KSA
HIGH CVSS 7.3 CWE-78
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary…
CVE-2026-20151
15:19 KSA
HIGH CVSS 7.3 CWE-201
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attack…
CVE-2026-5244
19:32 KSA
HIGH CVSS 7.3 CWE-119
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. Th…
CVE-2026-5261
06:00 KSA
HIGH CVSS 7.3 CWE-284
A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remote…
CVE-2026-5320
19:32 KSA
HIGH CVSS 7.3 CWE-287
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely.…
CVE-2026-5322
19:32 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads …
CVE-2026-5534
21:54 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be exe…
CVE-2026-5536
21:54 KSA
HIGH CVSS 7.3 CWE-20
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted earl…
CVE-2026-5540
12:18 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remo…
CVE-2026-5551
23:18 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be…
CVE-2026-5554
23:18 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of …
CVE-2026-5555
16:32 KSA
HIGH CVSS 7.3 CWE-74
A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql inje…
CVE-2026-5562
16:32 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is public…
CVE-2026-5564
16:32 KSA
HIGH CVSS 7.3 CWE-74
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attac…
CVE-2026-5565
17:36 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The atta…
CVE-2026-5569
17:36 KSA
HIGH CVSS 7.3 CWE-266
A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been mad…
CVE-2026-5570
22:36 KSA
HIGH CVSS 7.3 CWE-287
A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication. It is possible to initiate the attack remotely. The exploit has been publicly …
CVE-2026-5573
22:36 KSA
HIGH CVSS 7.3 CWE-284
A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available…
CVE-2026-5575
22:36 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launche…
CVE-2026-5577
22:36 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details Endpoint. Such manipulation of the argument ID leads to sql injection. The attack c…
CVE-2026-5584
Remote Code Injection in Fosowl agenticSeek PyInterpreter Component
00:53 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has b…
CVE-2026-0686
19:32 KSA
HIGH CVSS 7.2 CWE-918
The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parse_authorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arb…
CVE-2026-33613
19:32 KSA
HIGH CVSS 7.2 CWE-78
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to wr…
CVE-2019-25663
04:54 KSA
HIGH CVSS 7.1 CWE-89
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based…
CVE-2019-25664
04:54 KSA
HIGH CVSS 7.1 CWE-89
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.p…
CVE-2026-5574
Technostrobe HI-LED-WR120-G2 Missing Authorization in File Deletion
22:08 KSA
MEDIUM CVSS 6.5 CWE-862
A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The expl…
CVE-2018-25249
03:38 KSA
MEDIUM CVSS 6.4 CWE-79
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other u…
CVE-2026-5528
09:16 KSA
MEDIUM CVSS 6.3 CWE-77
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed…
CVE-2026-5530
09:16 KSA
MEDIUM CVSS 6.3 CWE-918
A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was contacted e…
CVE-2026-5532
09:16 KSA
MEDIUM CVSS 6.3 CWE-77
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command inject…
CVE-2026-5537
11:32 KSA
MEDIUM CVSS 6.3 CWE-74
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads…
CVE-2026-5538
13:48 KSA
MEDIUM CVSS 6.3 CWE-918
A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoint. The manipulation results in server-side request forgery. It is possible to la…
CVE-2026-5543
12:18 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the at…
CVE-2026-5546
18:00 KSA
MEDIUM CVSS 6.3 CWE-284
A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has be…
CVE-2026-5547
18:00 KSA
MEDIUM CVSS 6.3 CWE-77
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.
CVE-2026-5552
18:00 KSA
MEDIUM CVSS 6.3 CWE-74
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the att…
CVE-2026-5553
20:04 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to sql injection. The attack can b…
CVE-2026-5556
20:04 KSA
MEDIUM CVSS 6.3 CWE-74
A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the att…
CVE-2026-5557
Authentication Bypass in badlogic pi-mono Slack Bot Component (CVE-2026-5557)
20:04 KSA
MEDIUM CVSS 6.3 CWE-287
A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation results in authentication bypass using alternate channel. The attack can be executed…
CVE-2026-5558
20:04 KSA
MEDIUM CVSS 6.3 CWE-74
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be car…
CVE-2026-5559
20:04 KSA
MEDIUM CVSS 6.3 CWE-791
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template en…
CVE-2026-5560
20:04 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible…
CVE-2026-5561
Injection Vulnerability in Campcodes Complete POS Management and Inventory System
20:04 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to injec…
CVE-2026-5563
20:04 KSA
MEDIUM CVSS 6.3 CWE-74
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit …
CVE-2026-5578
00:14 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possi…
CVE-2026-5579
00:14 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql inje…
CVE-2026-5580
00:14 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the atta…
CVE-2026-5583
SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.1 (CVE-2026-5583)
00:14 KSA
MEDIUM CVSS 6.3 CWE-74
A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate t…
CVE-2026-5586
02:05 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The ex…
CVE-2026-5587
02:05 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is p…
CVE-2026-5594
Code Injection in premAI-io premsql eval Function (CVE-2026-5594)
02:05 KSA
MEDIUM CVSS 6.3 CWE-74
A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes code injection. The attack is possible to be carried out remotely. The exploit h…
CVE-2026-5595
05:32 KSA
MEDIUM CVSS 6.3 CWE-22
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function load_files_from_disk/list_files_from_disk/save_content_to_file/save_memory_artifacts_to_disk of the component FileManagerTool. Such manipulation leads to path…
CVE-2026-5596
05:32 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. T…
CVE-2026-5597
05:32 KSA
MEDIUM CVSS 6.3 CWE-22
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely…
CVE-2018-25252
03:38 KSA
MEDIUM CVSS 6.2 CWE-787
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and past…
CVE-2018-25253
03:38 KSA
MEDIUM CVSS 6.2 CWE-787
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language f…
CVE-2019-25659
05:32 KSA
MEDIUM CVSS 6.2 CWE-787
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigge…
CVE-2019-25660
05:32 KSA
MEDIUM CVSS 6.2 CWE-787
LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denia…
CVE-2019-25661
05:32 KSA
MEDIUM CVSS 6.2 CWE-787
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by…
CVE-2019-25665
05:32 KSA
MEDIUM CVSS 6.2 CWE-787
River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via …
CVE-2019-25666
05:32 KSA
MEDIUM CVSS 6.2 CWE-787
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.
CVE-2019-25667
05:32 KSA
MEDIUM CVSS 6.2 CWE-787
TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help men…
CVE-2019-25677
05:32 KSA
MEDIUM CVSS 6.2 CWE-379
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing a…
CVE-2019-25683
05:32 KSA
MEDIUM CVSS 6.2 CWE-532
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters follow…
CVE-2018-25247
03:38 KSA
MEDIUM CVSS 6.1 CWE-79
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the at…
CVE-2018-25256
05:32 KSA
MEDIUM CVSS 5.5 CWE-787
IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clic…
CVE-2019-25657
05:32 KSA
MEDIUM CVSS 5.5 CWE-226
AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click …
CVE-2019-25658
05:32 KSA
MEDIUM CVSS 5.5 CWE-787
a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fi…
CVE-2016-20053
03:38 KSA
MEDIUM CVSS 5.3 CWE-352
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with…
CVE-2026-5527
09:16 KSA
MEDIUM CVSS 5.3 CWE-320
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key …
CVE-2026-5531
09:16 KSA
MEDIUM CVSS 5.3 CWE-312
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be…
CVE-2026-5549
18:00 KSA
MEDIUM CVSS 5.3 CWE-320
A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptogr…
CVE-2026-5571
22:08 KSA
MEDIUM CVSS 5.3 CWE-200
A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown function of the file /fs of the component Configuration Data Handler. Such manipulation of the argument File leads to information disclosure. It is possible to launc…
CVE-2026-5585
02:05 KSA
MEDIUM CVSS 5.3 CWE-200
A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remote…
CVE-2026-5601
05:32 KSA
MEDIUM CVSS 5.3 CWE-200
A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has…
CVE-2026-5602
05:32 KSA
MEDIUM CVSS 5.3 CWE-77
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attac…
CVE-2026-5603
05:32 KSA
MEDIUM CVSS 5.3 CWE-77
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to OS command injection. An attack has to be approached locally. The exploit is publicly availabl…
CVE-2026-5541
12:18 KSA
NONE
CVE-2026-5542
12:18 KSA
NONE
⚠️ Threat Intelligence
3 threats
rss:The Hacker News
10:22 KSA
CRITICAL vulnerability
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet released emergency patches for critical vulnerability CVE-2026-35616 (CVSS 9.1) in FortiClient EMS that is being actively exploited. The flaw allows pre-authentication API access bypa…
rss:The Hacker News
09:16 KSA
CRITICAL apt
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
The April 2026 hack of Drift resulting in the theft of $285 million has been attributed to a sophisticated six-month social engineering campaign orchestrated by North Korean (DPRK) sta…
rss:The Hacker News
09:16 KSA
HIGH supply_chain
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Researchers discovered 36 malicious npm packages disguised as legitimate Strapi CMS plugins that exploit Redis and PostgreSQL services to deploy reverse shells, harvest credentia…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Sunday, April 5, 2026