156
CVEs
15
Threats
0
News
25
Critical
24
CISA KEV
🛡 Security Vulnerabilities (CVE)
Fortinet FortiClient EMS — CVE-2026-35616
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Required Action: Apply mitigations per vendor instructio…
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE. This vulnerability is fixed in 11.0.6.
CVE-2016-4657
Apple iOS Webkit Memory Corruption Vulnerability — Apple iOS WebKit contains a memory corruption vulnerability that allo
11:01 KSA
Apple iOS Webkit Memory Corruption Vulnerability — Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, inc…
CVE-2016-5195
Linux Kernel Race Condition Vulnerability — Race condition in mm/gup.c in the Linux kernel allows local users to escalat
11:01 KSA
Linux Kernel Race Condition Vulnerability — Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.
CVE-2016-5198
Google Chromium V8 Out-of-Bounds Memory Vulnerability — Google Chromium V8 Engine contains an out-of-bounds memory acces
11:01 KSA
Google Chromium V8 Out-of-Bounds Memory Vulnerability — Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could aff…
CVE-2016-6277
NETGEAR Multiple Routers Remote Code Execution Vulnerability — NETGEAR confirmed multiple routers allow unauthenticated
11:01 KSA
NETGEAR Multiple Routers Remote Code Execution Vulnerability — NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.
CVE-2016-6366
Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability — A buffer overflow vulnerability in the Simp
11:01 KSA
Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability — A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.
CVE-2016-6367
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability — A vulnerability in the command-line in
11:01 KSA
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability — A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute cod…
CVE-2016-6415
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability — Cisco IOS, IOS XR, and IOS XE contain insuffi
11:01 KSA
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability — Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information discl…
CVE-2016-7193
Microsoft Office Memory Corruption Vulnerability — Microsoft Office contains a memory corruption vulnerability which can
11:01 KSA
Microsoft Office Memory Corruption Vulnerability — Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
CVE-2016-7200
Microsoft Edge Memory Corruption Vulnerability — The Chakra JavaScript scripting engine in Microsoft Edge allows remote
11:01 KSA
Microsoft Edge Memory Corruption Vulnerability — The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-7201
Microsoft Edge Memory Corruption Vulnerability — The Chakra JavaScript scripting engine in Microsoft Edge allows remote
11:01 KSA
Microsoft Edge Memory Corruption Vulnerability — The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-7255
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k kernel-mode driver fails to properly handle objec
11:01 KSA
Microsoft Win32k Privilege Escalation Vulnerability — Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
CVE-2016-7256
Microsoft Windows Open Type Font Remote Code Execution Vulnerability — A remote code execution vulnerability exists when
11:01 KSA
Microsoft Windows Open Type Font Remote Code Execution Vulnerability — A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of th…
CVE-2016-7262
Microsoft Office Security Feature Bypass Vulnerability — A security feature bypass vulnerability exists when Microsoft O
11:01 KSA
Microsoft Office Security Feature Bypass Vulnerability — A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
CVE-2016-7836
SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View contains an improper authentication vulner
11:01 KSA
SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
CVE-2016-7855
Adobe Flash Player Use-After-Free Vulnerability — Use-after-free vulnerability in Adobe Flash Player Windows and OS and
11:01 KSA
Adobe Flash Player Use-After-Free Vulnerability — Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
CVE-2016-7892
Adobe Flash Player Use-After-Free Vulnerability — Adobe Flash Player has an exploitable use-after-free vulnerability in
11:01 KSA
Adobe Flash Player Use-After-Free Vulnerability — Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
CVE-2016-8562
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability — An improper privilege management vulnerability e
11:01 KSA
Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability — An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.
CVE-2016-8735
Apache Tomcat Remote Code Execution Vulnerability — Apache Tomcat contains an unspecified vulnerability that allows for
11:01 KSA
Apache Tomcat Remote Code Execution Vulnerability — Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listen…
CVE-2016-9079
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability — Mozilla Firefox, Firefox ESR, and Thunderbi
11:01 KSA
Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability — Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
CVE-2016-9563
SAP NetWeaver XML External Entity (XXE) Vulnerability — SAP NetWeaver Application Server Java Platforms contains an unsp
11:01 KSA
SAP NetWeaver XML External Entity (XXE) Vulnerability — SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.
CVE-2017-0001
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability — The Graphics Device Interface (GDI) in Mi
11:01 KSA
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability — The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold,…
CVE-2017-0005
Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability — The Graphics Device Interface (GD
11:01 KSA
Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability — The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.
CVE-2017-0022
Microsoft XML Core Services Information Disclosure Vulnerability — Microsoft XML Core Services (MSXML) improperly handle
11:01 KSA
Microsoft XML Core Services Information Disclosure Vulnerability — Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.
CVE-2025-47392
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
00:38 KSA
Memory corruption when decoding corrupted satellite data files with invalid signature offsets.
CVE-2026-33510
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been disco
05:32 KSA
Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirect and router.push. An attacker ca…
CVE-2026-34570
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati
22:50 KSA
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic fla…
CVE-2026-34791
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
08:48 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection du…
CVE-2026-34792
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
08:48 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_clamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection d…
CVE-2026-34793
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
08:48 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection…
CVE-2026-34794
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
08:48 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_ids.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due …
CVE-2026-34795
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
10:32 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_log.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due …
CVE-2026-34796
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
15:00 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_openvpn.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection …
CVE-2026-34797
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet
15:00 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due…
CVE-2026-35029
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/updat
17:55 KSA
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configura…
CVE-2026-5349
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file
16:48 KSA
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly ava…
CVE-2026-5350
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of t
16:48 KSA
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has bee…
CVE-2026-5605
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlE
18:17 KSA
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made ava…
CVE-2026-5608
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formW
18:17 KSA
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public an…
CVE-2026-5609
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the
18:17 KSA
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible…
CVE-2026-5610
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file
18:17 KSA
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ha…
CVE-2026-5611
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/f
18:17 KSA
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit …
CVE-2026-5612
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the f
18:17 KSA
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The ex…
CVE-2026-5613
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform
18:17 KSA
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly availa…
CVE-2026-5614
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /gof
23:16 KSA
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been …
CVE-2026-5628
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of
23:16 KSA
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote e…
CVE-2026-5629
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file
23:16 KSA
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is n…
CVE-2026-5685
A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/
17:55 KSA
A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available …
CVE-2026-5686
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic
23:58 KSA
A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit …
CVE-2026-5687
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the f
02:23 KSA
A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has b…
CVE-2026-35020
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helpe
17:55 KSA
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inj…
CVE-2026-35394
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-
17:55 KSA
Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-mcp passes user-supplied URLs directly to Android's intent system without any scheme validation, allowing execution of arbitrary Android intents, including USSD…
CVE-2026-5684
A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilt
17:55 KSA
A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack requires access t…
CVE-2024-14032
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that
11:36 KSA
Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply: me…
CVE-2025-47389
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
18:37 KSA
Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.
Memory corruption while preprocessing IOCTL request in JPEG driver.
Memory corruption while processing a frame request from user.
CVE-2026-21371
Memory Corruption when retrieving output buffer with insufficient size validation.
00:38 KSA
Memory Corruption when retrieving output buffer with insufficient size validation.
CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
00:38 KSA
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
CVE-2026-21373
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
05:45 KSA
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21374
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validatio
05:45 KSA
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
CVE-2026-21375
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
05:45 KSA
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
CVE-2026-21376
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor
05:45 KSA
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21378
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor
05:45 KSA
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
CVE-2026-21380
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
05:45 KSA
Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.
CVE-2026-21382
Memory Corruption when handling power management requests with improperly sized input/output buffers.
11:54 KSA
Memory Corruption when handling power management requests with improperly sized input/output buffers.
CVE-2026-34588
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the
14:16 KSA
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmeti…
CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invoca
17:55 KSA
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $() or back…
CVE-2026-21367
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
00:38 KSA
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
CVE-2026-21381
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood aware
05:45 KSA
Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection.
CVE-2026-26027
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store
23:32 KSA
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
CVE-2026-33951
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the Signal
21:16 KSA
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /s…
CVE-2026-35389
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification
17:55 KSA
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false). Any email signed with a self-signed or untrusted certificate was displayed as having a valid …
CVE-2026-35391
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP() function in
17:55 KSA
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP() function in lib/admin/session.ts trusted the first (leftmost) entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their s…
CVE-2026-5333
A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown pro
04:16 KSA
A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host results in command injection. The attack can be executed remotely. The exploit has b…
CVE-2026-5334
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file
04:16 KSA
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible …
CVE-2026-5346
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src
15:00 KSA
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible t…
CVE-2026-5616
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the
23:16 KSA
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such mani…
CVE-2026-5631
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data
23:16 KSA
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be perf…
CVE-2026-5632
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component H
23:16 KSA
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made pu…
CVE-2026-5633
A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the compone
23:16 KSA
A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to server-side request forgery. It is possible to launch the attack remotely. The …
CVE-2026-5634
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown fun
23:16 KSA
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initia…
CVE-2026-5637
A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown co
23:16 KSA
A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launch…
CVE-2026-5642
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Th
23:16 KSA
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper a…
CVE-2026-5645
A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown func
23:16 KSA
A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be l…
CVE-2026-5646
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown f
23:16 KSA
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit…
CVE-2026-5648
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /u
05:32 KSA
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is…
CVE-2026-5663
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEn
11:36 KSA
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in os command injection. Remote exploitation of the at…
CVE-2026-5665
A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an
17:55 KSA
A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The atta…
CVE-2026-5669
A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Th
17:55 KSA
A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Parameter Handler. Such manipulation of the argument Password leads to sql injecti…
CVE-2026-5672
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown f
17:55 KSA
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument cat_id leads to sql injection. It is possible t…
CVE-2026-5676
A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of
17:55 KSA
A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is p…
CVE-2026-5677
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the
17:55 KSA
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The expl…
CVE-2026-5678
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setSchedul
17:55 KSA
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The …
CVE-2026-5688
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg
08:48 KSA
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit ha…
CVE-2026-5689
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of
08:48 KSA
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The…
CVE-2026-5690
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the
08:48 KSA
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit h…
CVE-2026-5691
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of th
12:16 KSA
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The…
CVE-2026-25932
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user c
23:32 KSA
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24.
CVE-2026-29047
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user
05:32 KSA
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6.
CVE-2026-34217
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sand
14:16 KSA
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the sc…
CVE-2025-47400
Cryptographic issue while copying data to a destination buffer without validating its size.
00:38 KSA
Cryptographic issue while copying data to a destination buffer without validating its size.
CVE-2026-34790
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in
04:16 KSA
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory trave…
CVE-2025-47374
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
07:48 KSA
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
CVE-2026-5595
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the functio
05:32 KSA
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function load_files_from_disk/list_files_from_disk/save_content_to_file/save_memory_artifacts_to_disk of the component FileManagerTool. Such manipulation leads to path…
CVE-2026-5596
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the
05:32 KSA
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. T…
CVE-2026-5597
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\t
05:32 KSA
A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely…
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible t…
CVE-2026-5607
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallTool
15:36 KSA
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments …
CVE-2026-5620
A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of th
15:36 KSA
A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate t…
CVE-2026-5623
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/f
15:36 KSA
A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is …
CVE-2026-5635
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unk
20:54 KSA
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The…
CVE-2026-5636
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the fil
20:54 KSA
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exp…
CVE-2026-5639
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /adm
22:55 KSA
A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed…
CVE-2026-5640
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown func
22:55 KSA
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is po…
CVE-2026-5641
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function
22:55 KSA
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be p…
CVE-2026-5649
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unk
01:13 KSA
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. …
CVE-2026-5659
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie._
01:13 KSA
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The…
CVE-2026-5660
A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown fu
03:16 KSA
A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This manipulation of the argument emp causes sql injection. The attack may be initiat…
CVE-2026-5670
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This is
11:59 KSA
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unre…
CVE-2026-5675
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /
11:59 KSA
A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The manipulation of the argument emp results in sql injection. It is possible to launch the attack remotel…
CVE-2026-5681
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file
11:59 KSA
A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument emp_id causes sql injection. The attack is possible to be carried out r…
CVE-2019-25659
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of
05:32 KSA
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigge…
CVE-2019-25660
LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending
05:32 KSA
LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denia…
CVE-2019-25661
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial
05:32 KSA
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by…
CVE-2019-25665
River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash t
05:32 KSA
River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via …
CVE-2019-25666
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows at
05:32 KSA
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.
CVE-2019-25667
TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supp
05:32 KSA
TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help men…
CVE-2019-25677
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a
05:32 KSA
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing a…
CVE-2019-25683
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attacker
05:32 KSA
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters follow…
CVE-2026-5618
A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake
15:36 KSA
A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely…
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI …
CVE-2018-25256
IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers t
05:32 KSA
IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clic…
CVE-2019-25657
AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by suppl
05:32 KSA
AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click …
CVE-2019-25658
a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the applica
05:32 KSA
a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fi…
CVE-2026-5679
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the functi
11:59 KSA
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publi…
CVE-2026-5683
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter o
11:59 KSA
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the loca…
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthe
14:15 KSA
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue a…
CVE-2026-31313
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allo
03:35 KSA
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
CVE-2026-31350
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitra
03:35 KSA
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVE-2026-31352
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allow
03:35 KSA
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVE-2026-31353
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attac
03:35 KSA
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVE-2026-31354
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 a
03:35 KSA
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVE-2026-35200
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73
01:33 KSA
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist (e.g., .txt) but with a Content-Type header that di…
CVE-2026-5601
A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of
05:32 KSA
A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has…
CVE-2026-5602
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/t
05:32 KSA
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attac…
CVE-2026-5603
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMag
05:32 KSA
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly availabl…
CVE-2026-5619
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file
15:36 KSA
A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection. The attack requi…
CVE-2026-5621
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown function
15:36 KSA
A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument config_path results in os command injection. Attacking locally …
CVE-2026-5638
A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Perform
20:54 KSA
A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed…
CVE-2026-5650
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function
01:13 KSA
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried o…
CVE-2026-5661
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handle
05:32 KSA
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2026-5666
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionalit
07:48 KSA
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The atta…
CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the
01:33 KSA
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-b…
CVE-2026-5704
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to
11:59 KSA
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce …
⚠️ Threat Intelligence
15 threats
rss:The Hacker News
—
09:16 KSA
<strong>BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks</strong>
Germany's BKA has identified two key leaders of the defunct REvil ransomware-as-a-service operation, including the threat actor known as UNKN, who was responsible for coordinating 130 ransomware a…
rss:The Hacker News
—
08:00 KSA
<strong>⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More</strong>
Multiple critical security incidents occurred this week including software tampering, active zero-day vulnerabilities in widely-used tools, and exploitation of existing vulnera…
rss:The Hacker News
—
08:00 KSA
<strong>How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers</strong>
Developer workstations have become critical attack targets as they store and manage credentials across multiple services, tools, and AI agents. The TeamPCP threat actor exploited LiteLLM …
rss:The Hacker News
—
08:00 KSA
<strong>Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools</strong>
Qilin and Warlock ransomware groups are using Bring Your Own Vulnerable Driver (BYOVD) technique to disable over 300 endpoint detection and response (EDR) security tools on compromised…
rss:Dark Reading
—
08:00 KSA
<strong>Shadow AI in Healthcare Is Here to Stay</strong>
Healthcare professionals increasingly use unauthorized AI tools to manage workloads, creating security risks. Organizations must strengthen security protocols to contain potential breaches from shadow AI usage in medical e…
rss:Dark Reading
—
08:00 KSA
<strong>OWASP GenAI Security Project Gets Update, New Tools Matrix</strong>
OWASP identifies 21 security risks specific to generative AI systems and releases updated guidance. The organization recommends separate security approaches for GenAI and agentic AI systems to address em…
rss:The Hacker News
—
08:00 KSA
<strong>Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations</strong>
Iranian threat actors conducted password-spraying attacks against Microsoft 365 environments in Israel and UAE during Middle East conflicts. The ongoing campaign occurred in …
rss:The Hacker News
—
08:00 KSA
<strong>DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea</strong>
North Korean-linked threat actors are leveraging GitHub as command-and-control infrastructure in sophisticated multi-stage attacks against South Korean organizations. This techniqu…
rss:The Hacker News
—
08:00 KSA
<strong>Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps</strong>
Modern cyberattacks target multiple operating systems simultaneously, exploiting Windows, macOS, Linux, and mobile devices across enterprise environments. SOC teams face challenges in detecting cro…
rss:Dark Reading
—
06:55 KSA
<strong>Axios Attack Shows How Complex Social Engineering Is Industrialized</strong>
A sophisticated attack targeted the popular NPM package Axios, demonstrating how threat actors are industrializing social engineering campaigns against software maintainers. This incident highli…
rss:Dark Reading
—
06:55 KSA
<strong>Fortinet Issues Emergency Patch for FortiClient Zero-Day</strong>
Fortinet released an emergency patch for CVE-2026-35616, an authentication bypass vulnerability in FortiClient being actively exploited in the wild. This is the latest in a series of critical Fortinet vuln…
rss:Dark Reading
—
06:55 KSA
<strong>Automated Credential Harvesting Campaign Exploits React2Shell Flaw</strong>
Threat cluster UAT-10608 is conducting automated attacks exploiting vulnerable Next.js applications through the React2Shell flaw to harvest credentials, secrets, and system data. The campaign use…
rss:Malwarebytes Lab
—
02:28 KSA
<strong>Killer robots are here. Now what? (Lock and Code S07E07)</strong>
Discussion on autonomous weapons systems and their cybersecurity implications. Explores the risks of AI-powered military systems and potential security vulnerabilities in autonomous weapons platforms.
Sou…
rss:Malwarebytes Lab
—
01:17 KSA
<strong>A week in security (March 30 &#8211; April 5)</strong>
Weekly security roundup covering cybersecurity topics and incidents from March 30 to April 5, 2026. Provides consolidated threat intelligence and security updates for awareness and defensive planning.
Source: ht…
rss:Krebs on Securit
—
21:49 KSA
<strong>Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab</strong>
German authorities identified Russian national Daniil Maksimovich Shchukin, 31, as the leader behind notorious ransomware groups REvil and GandCrab. He is accused of orchestrating at least 130 cyb…
📰 Cybersecurity News
0 articles
No news aggregated today yet
This digest is updated automatically every day — Last updated: Monday, April 6, 2026
CVE Archive ·
Threats ·
News