📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
📅 Daily Security Digest — Thursday, April 9, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

Thursday, April 9, 2026
191 CVEs
24 Threats
0 News
38 Critical
38 CISA KEV
🛡 Security Vulnerabilities (CVE)
191 vulnerabilities
CVE-2026-1340
Ivanti EPMM Unauthenticated Remote Code Execution via Code Injection
05:00 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Ivanti Endpoint Manager Mobile (EPMM) — CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Required Action: Apply mitigations per vendor instructions, follow app…
CVE-2017-7494
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Samba Remote Code Execution Vulnerability — Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
CVE-2017-8291
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Artifex Ghostscript Type Confusion Vulnerability — Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
CVE-2017-8464
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability — Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
CVE-2017-8540
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability — The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Go…
CVE-2017-8543
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Search Remote Code Execution Vulnerability — Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
CVE-2017-8570
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
CVE-2017-8759
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft .NET Framework Remote Code Execution Vulnerability — Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
CVE-2017-9248
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability — Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEnc…
CVE-2017-9791
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apache Struts 1 Improper Input Validation Vulnerability — The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVE-2017-9805
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apache Struts Deserialization of Untrusted Data Vulnerability — Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
CVE-2017-9822
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
DotNetNuke (DNN) Remote Code Execution Vulnerability — DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.
CVE-2017-9841
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
PHPUnit Command Injection Vulnerability — PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpu…
CVE-2018-0125
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco VPN Routers Remote Code Execution Vulnerability — A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
CVE-2018-0147
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Secure Access Control System Java Deserialization Vulnerability — A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability …
CVE-2018-0151
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability — A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of ser…
CVE-2018-0154
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability — A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-s…
CVE-2018-0155
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability — A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticat…
CVE-2018-0156
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability — A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, res…
CVE-2018-0158
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability — A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an a…
CVE-2018-0159
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability — A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attack…
CVE-2018-0161
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software Resource Management Errors Vulnerability — A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-s…
CVE-2018-0167
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability — There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent att…
CVE-2018-0171
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability — Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or …
CVE-2018-0172
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability — A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
CVE-2018-0173
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability — A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).
CVE-2018-0174
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability — A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
CVE-2018-0175
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability — Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a de…
CVE-2018-0179
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software Denial-of-Service Vulnerability — A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.
CVE-2018-0180
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software Denial-of-Service Vulnerability — A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.
CVE-2018-0296
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability — Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information d…
CVE-2018-0798
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Memory Corruption Vulnerability — Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to…
CVE-2018-0802
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Memory Corruption Vulnerability — Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to…
CVE-2018-0824
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability — Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.
CVE-2018-1000861
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability — A code execution vulnerability exists in the Stapler web framework used by Jenkins
CVE-2018-10561
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dasan GPON Routers Authentication Bypass Vulnerability — Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
CVE-2018-10562
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dasan GPON Routers Command Injection Vulnerability — Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
CVE-2018-11138
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Quest KACE System Management Appliance Remote Command Execution Vulnerability — The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
CVE-2019-25671
04:54 KSA
HIGH CVSS 8.8 CWE-22
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the…
CVE-2019-25673
11:00 KSA
HIGH CVSS 8.8 CWE-434
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to F…
CVE-2019-25685
18:17 KSA
HIGH CVSS 8.8 CWE-22
phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrar…
CVE-2025-59710
11:00 KSA
HIGH CVSS 8.8 CWE-434
An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the loading a DLL file. During the loading, a method is called. An attacker can craft a malicious DLL, upload it to the server, and use it to achieve remote code ex…
CVE-2026-25044
04:54 KSA
HIGH CVSS 8.8 CWE-78
Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potenti…
CVE-2026-33785
21:26 KSA
HIGH CVSS 8.8 CWE-862
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring speci…
CVE-2026-35638
01:48 KSA
HIGH CVSS 8.8 CWE-286
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mec…
CVE-2026-35639
01:48 KSA
HIGH CVSS 8.8 CWE-648
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient …
CVE-2026-39911
21:26 KSA
HIGH CVSS 8.8 CWE-668
Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the …
CVE-2026-4326
09:16 KSA
HIGH CVSS 8.8 CWE-862
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugin…
CVE-2026-5604
18:17 KSA
HIGH CVSS 8.8 CWE-119
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overf…
CVE-2026-5605
18:17 KSA
HIGH CVSS 8.8 CWE-119
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made ava…
CVE-2026-5608
18:17 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public an…
CVE-2026-5609
18:17 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible…
CVE-2026-5610
18:17 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ha…
CVE-2026-5611
18:17 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit …
CVE-2026-5612
18:17 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The ex…
CVE-2026-5613
18:17 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly availa…
CVE-2026-5614
23:16 KSA
HIGH CVSS 8.8 CWE-119
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been …
CVE-2026-5628
23:16 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote e…
CVE-2026-5629
23:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is n…
CVE-2026-5815
06:32 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vu…
CVE-2026-5830
12:33 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is pu…
CVE-2026-5979
21:26 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can b…
CVE-2026-5980
21:26 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remo…
CVE-2026-5981
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely.…
CVE-2026-5982
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation…
CVE-2026-5983
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed r…
CVE-2026-5984
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotel…
CVE-2026-5988
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now p…
CVE-2025-13914
21:26 KSA
HIGH CVSS 8.7 CWE-322
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle a…
CVE-2026-39942
02:16 KSA
HIGH CVSS 8.5 CWE-284
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite t…
CVE-2019-25670
04:54 KSA
HIGH CVSS 8.4 CWE-787
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next st…
CVE-2019-25681
18:17 KSA
HIGH CVSS 8.4 CWE-787
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program executio…
CVE-2019-25668
04:54 KSA
HIGH CVSS 8.2 CWE-89
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to ext…
CVE-2019-25669
04:54 KSA
HIGH CVSS 8.2 CWE-89
qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the search_by_extrafields[] parameter. Attackers can send POST requests to the users endpoint with malicious search_by_extrafields[] values to trigg…
CVE-2019-25672
04:54 KSA
HIGH CVSS 8.2 CWE-89
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injec…
CVE-2019-25674
12:16 KSA
HIGH CVSS 8.2 CWE-89
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database info…
CVE-2019-25675
12:16 KSA
HIGH CVSS 8.2 CWE-89
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-base…
CVE-2019-25676
17:08 KSA
HIGH CVSS 8.2 CWE-79
Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code th…
CVE-2019-25678
17:08 KSA
HIGH CVSS 8.2 CWE-306
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpo…
CVE-2019-25680
18:17 KSA
HIGH CVSS 8.2 CWE-89
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search req…
CVE-2019-25684
18:17 KSA
HIGH CVSS 8.2 CWE-89
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to…
CVE-2019-25690
18:17 KSA
HIGH CVSS 8.2 CWE-89
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract s…
CVE-2023-54359
21:26 KSA
HIGH CVSS 8.2 CWE-89
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with…
CVE-2026-34512
21:26 KSA
HIGH CVSS 8.1 CWE-863
OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by se…
CVE-2026-35645
01:48 KSA
HIGH CVSS 8.1 CWE-648
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to …
CVE-2019-25679
17:08 KSA
HIGH CVSS 7.8 CWE-787
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP…
CVE-2026-33788
21:26 KSA
HIGH CVSS 7.8 CWE-306
A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user…
CVE-2026-33793
21:26 KSA
HIGH CVSS 7.8 CWE-250
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op …
CVE-2026-35625
21:26 KSA
HIGH CVSS 7.8 CWE-648
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnect…
CVE-2026-34769
23:16 KSA
HIGH CVSS 7.7 CWE-88
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process…
CVE-2019-25686
18:17 KSA
HIGH CVSS 7.5 CWE-306
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigge…
CVE-2026-1584
18:38 KSA
HIGH CVSS 7.5 CWE-476
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the se…
CVE-2026-33778
21:26 KSA
HIGH CVSS 7.5 CWE-1286
An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affecte…
CVE-2026-33790
21:26 KSA
HIGH CVSS 7.5 CWE-754
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and proce…
CVE-2026-33771
21:26 KSA
HIGH CVSS 7.4 CWE-521
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management m…
CVE-2026-33797
21:26 KSA
HIGH CVSS 7.4 CWE-20
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An…
CVE-2026-35629
21:26 KSA
HIGH CVSS 7.4 CWE-918
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to …
CVE-2026-21916
21:26 KSA
HIGH CVSS 7.3 CWE-61
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed …
CVE-2026-35637
21:26 KSA
HIGH CVSS 7.3 CWE-696
OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorizat…
CVE-2026-5616
23:16 KSA
HIGH CVSS 7.3 CWE-287
A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such mani…
CVE-2026-5631
23:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be perf…
CVE-2026-5632
23:16 KSA
HIGH CVSS 7.3 CWE-287
A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authentication. It is possible to initiate the attack remotely. The exploit has been made pu…
CVE-2026-5633
23:16 KSA
HIGH CVSS 7.3 CWE-918
A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to server-side request forgery. It is possible to launch the attack remotely. The …
CVE-2026-5634
23:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initia…
CVE-2026-5637
23:16 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launch…
CVE-2026-5642
23:16 KSA
HIGH CVSS 7.3 CWE-266
A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTTP POST Request Handler. This manipulation of the argument Name causes improper a…
CVE-2026-5645
23:16 KSA
HIGH CVSS 7.3 CWE-74
A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be l…
CVE-2026-5646
23:16 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit…
CVE-2026-5814
06:32 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The …
CVE-2026-5824
06:32 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been…
CVE-2026-5827
09:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclose…
CVE-2026-5828
12:33 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has bee…
CVE-2026-5829
12:33 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. The exploit h…
CVE-2026-5832
12:33 KSA
HIGH CVSS 7.3 CWE-918
A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-…
CVE-2026-5837
12:33 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2026-5841
12:33 KSA
HIGH CVSS 7.3 CWE-22
A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the…
CVE-2026-5842
12:33 KSA
HIGH CVSS 7.3 CWE-285
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely…
CVE-2026-5849
15:21 KSA
HIGH CVSS 7.3 CWE-22
A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be util…
CVE-2026-5961
15:21 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument post_id leads to sql injection. The attack may be initiated remotely. The exploit h…
CVE-2026-5962
18:38 KSA
HIGH CVSS 7.3 CWE-22
A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-5970
21:26 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public a…
CVE-2026-5971
21:26 KSA
HIGH CVSS 7.3 CWE-94
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynami…
CVE-2026-5972
21:26 KSA
HIGH CVSS 7.3 CWE-77
A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit h…
CVE-2026-5973
21:26 KSA
HIGH CVSS 7.3 CWE-77
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used…
CVE-2026-5974
21:26 KSA
HIGH CVSS 7.3 CWE-77
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was i…
CVE-2026-5985
01:48 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results in sql injection. The attack may be performed from remote. The exploit has been…
CVE-2024-1490
15:21 KSA
HIGH CVSS 7.2 CWE-94
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitr…
CVE-2026-5844
15:21 KSA
HIGH CVSS 7.2 CWE-77
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The e…
CVE-2019-25663
04:54 KSA
HIGH CVSS 7.1 CWE-89
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based…
CVE-2019-25664
04:54 KSA
HIGH CVSS 7.1 CWE-89
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.p…
CVE-2026-35632
05:16 KSA
HIGH CVSS 7.1 CWE-61
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to …
CVE-2025-30650
03:18 KSA
MEDIUM CVSS 6.7 CWE-306
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line …
CVE-2026-21915
06:54 KSA
MEDIUM CVSS 6.7 CWE-183
A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, …
CVE-2026-33791
10:03 KSA
MEDIUM CVSS 6.7 CWE-78
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the syst…
CVE-2026-4878
22:23 KSA
MEDIUM CVSS 6.7 CWE-367
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled…
CVE-2026-5959
22:23 KSA
MEDIUM CVSS 6.6 CWE-287
A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated rem…
CVE-2025-59969
04:48 KSA
MEDIUM CVSS 6.5 CWE-120
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial …
CVE-2026-21919
09:54 KSA
MEDIUM CVSS 6.5 CWE-821
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly …
CVE-2026-2377
03:18 KSA
MEDIUM CVSS 6.5 CWE-918
A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially crafted web address (URL). This allows the application's backend to make arbitrary requests to internal network resources, a vulnerability known as Server-Side Req…
CVE-2026-33774
20:54 KSA
MEDIUM CVSS 6.5 CWE-754
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the dev…
CVE-2026-33775
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (b
23:01 KSA
MEDIUM CVSS 6.5 CWE-401
A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If the authentication packe…
CVE-2026-33779
An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Serie
03:19 KSA
MEDIUM CVSS 6.5 CWE-296
An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provis…
CVE-2026-33780
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Jun
03:19 KSA
MEDIUM CVSS 6.5 CWE-401
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).…
CVE-2026-33781 · 03:19 KSA · MEDIUM CVSS 6.5 CWE-754
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allows an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS). On EX4k, and QF…
CVE-2026-33782 · 03:19 KSA · MEDIUM CVSS 6.5 CWE-401
A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCP…
CVE-2026-33783 · 03:19 KSA · MEDIUM CVSS 6.5 CWE-686
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels a…
CVE-2026-35618 · 10:03 KSA · MEDIUM CVSS 6.5 CWE-294
OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification path derives replay keys from the full URL including query strings instead of th…
CVE-2026-35627 · 10:03 KSA · MEDIUM CVSS 6.5 CWE-696
OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre-authentication computation by sending crafted DM messages, enabling denial of se…
CVE-2026-35631 · 12:36 KSA · MEDIUM CVSS 6.5 CWE-862
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authoriz…
CVE-2026-35636 · 12:36 KSA · MEDIUM CVSS 6.5 CWE-696
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that…
CVE-2026-35644 · 12:36 KSA · MEDIUM CVSS 6.5 CWE-312
OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to r…
CVE-2026-40037 · 09:48 KSA · MEDIUM CVSS 6.5 CWE-601
OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data…
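CVE-2026-40037 above describes a fetch guard that resent a request body across a cross-origin redirect, so whoever controls the Location header receives the payload. Below is an added example, not OpenClaw's fetchWithSsrFGuard and not derived from it: a redirect policy in Python that recomputes the follow-up request, converts 301/302-after-POST and 303 into a body-less GET, strips credential headers when the origin changes, refuses 307/308 cross-origin redirects that would have to resend a body, and re-applies a minimal SSRF check to the new target. The header names, the blocked-address rules and the sample request are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Headers that must never travel to a different origin on redirect (assumed list).
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization"}


class RedirectRefused(Exception):
    """Raised when following the redirect would leak data or reach a blocked target."""


def origin(url: str) -> tuple:
    """(scheme, host, port) triple used for the same-origin decision."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def blocked_target(url: str) -> bool:
    """Minimal SSRF guard for the example: non-http(s) schemes, 'localhost' and
    literal loopback/private/link-local/reserved addresses.  A real guard also
    resolves names and pins the resolved address; that is assumed to happen in
    the transport layer and is not shown here."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return True
    try:
        ip = ipaddress.ip_address(p.hostname)
    except ValueError:
        return p.hostname.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_reserved


def next_request(req: dict, status: int, location: str) -> dict:
    """Return the request to send after a redirect, or raise RedirectRefused.
    req is {'url', 'method', 'headers', 'body'}; body is bytes or None."""
    target = urljoin(req["url"], location)
    if blocked_target(target):
        raise RedirectRefused(f"redirect target blocked: {target}")

    new = {"url": target, "method": req["method"],
           "headers": dict(req["headers"]), "body": req["body"]}

    # 303, and 301/302 after POST, become a body-less GET (usual client behaviour).
    if status == 303 or (status in (301, 302) and req["method"] == "POST"):
        new["method"], new["body"] = "GET", None
        for h in list(new["headers"]):
            if h.lower() in ("content-type", "content-length"):
                del new["headers"][h]

    if origin(target) != origin(req["url"]):
        # Credentials never cross an origin boundary.
        for h in list(new["headers"]):
            if h.lower() in SENSITIVE_HEADERS:
                del new["headers"][h]
        # 307/308 would have to resend the original body to the new origin; refuse
        # rather than hand the payload to whoever controls the Location header.
        if new["body"] is not None:
            raise RedirectRefused("refusing to replay request body cross-origin")
    return new
```

The policy is deliberately strict on 307/308: a client that needs to follow such redirects to another origin should re-issue the request through its own code path with a freshly authorised body, not replay the original one.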
CVE-2025-58713 · 03:18 KSA · MEDIUM CVSS 6.4 CWE-276
A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an …
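CVE-2025-58713 above turns on a build-time permission bit: a group-writable /etc/passwd baked into the image. The check below is an added example, not Red Hat's tooling; it scans an exported image filesystem for sensitive files that are writable by group or others, using a constructed temporary tree as its sample input. The list of files is an assumption to extend for your base image.

```python
import os
import stat
import tempfile

# Files whose write bits matter for privilege escalation inside a container;
# a constructed starting list for the example.
SENSITIVE = ("etc/passwd", "etc/group", "etc/shadow", "etc/gshadow", "etc/sudoers")


def loose_write_bits(path: str) -> list:
    """Return which of 'group'/'other' may write to path (empty list means fine).
    A sensitive file that has become a symlink is reported as its own finding."""
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        return ["symlink"]
    bits = []
    if mode & stat.S_IWGRP:
        bits.append("group")
    if mode & stat.S_IWOTH:
        bits.append("other")
    return bits


def scan_rootfs(root: str) -> dict:
    """Map each existing sensitive file under root to its loose write bits."""
    findings = {}
    for rel in SENSITIVE:
        full = os.path.join(root, rel)
        if os.path.lexists(full):
            bits = loose_write_bits(full)
            if bits:
                findings[rel] = bits
    return findings


def build_sample_rootfs() -> str:
    """Constructed stand-in for an exported image: passwd is group-writable
    (mode 0664), group and shadow are not.  Returns the temporary root."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.makedirs(os.path.join(root, "etc"))
    for rel, mode in (("etc/passwd", 0o664), ("etc/group", 0o644), ("etc/shadow", 0o640)):
        p = os.path.join(root, rel)
        with open(p, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n" if rel == "etc/passwd" else "")
        os.chmod(p, mode)
    return root


if __name__ == "__main__":
    print(scan_rootfs(build_sample_rootfs()))   # {'etc/passwd': ['group']}
```

To run it against a real image, export the filesystem first (`docker create --name tmp IMAGE`, then `docker export tmp | tar -x -C rootfs`) and call `scan_rootfs("rootfs")`; a non-empty result should fail the image build.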
CVE-2026-2509 · 03:18 KSA · MEDIUM CVSS 6.4 CWE-79
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete event handler blocklist in the 'pagelayer_xss_content' XSS filte…
CVE-2026-3005 · 20:15 KSA · MEDIUM CVSS 6.4 CWE-79
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib…
CVE-2026-4336 · 20:15 KSA · MEDIUM CVSS 6.4 CWE-79
Ultimate FAQ Accordion Plugin Stored XSS via REST API
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode() on post_content during rendering in the set_display_variables() functio…
CVE-2026-4429 · 18:09 KSA · MEDIUM CVSS 6.4 CWE-79
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute of the [osm_map_v3] shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and o…
CVE-2026-5357 · 20:15 KSA · MEDIUM CVSS 6.4 CWE-79
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdm_members' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' sho…
CVE-2026-5451 · 07:36 KSA · MEDIUM CVSS 6.4 CWE-79
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This ma…
CVE-2026-5711 · 11:54 KSA · MEDIUM CVSS 6.4 CWE-79
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attrib…
CVE-2026-5742 · 20:15 KSA · MEDIUM CVSS 6.4 CWE-79
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This ma…
CVE-2026-5803 · 09:48 KSA · MEDIUM CVSS 6.3 CWE-918
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API Proxy Endpoint. Performing a manipulation of the argument Query results in serve…
CVE-2026-5823 · 14:00 KSA · MEDIUM CVSS 6.3 CWE-74
A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remote…
CVE-2026-5831 · 14:00 KSA · MEDIUM CVSS 6.3 CWE-77
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminal_execute. Performing a manipulation results in os command injection. The attack is possible to be carried out re…
CVE-2023-54358 · 04:48 KSA · MEDIUM CVSS 6.1 CWE-79
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile …
CVE-2023-54360 · 04:48 KSA · MEDIUM CVSS 6.1 CWE-79
Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft malicious links containing JavaScript payloads that execute in victims' browsers whe…
CVE-2023-54361 · 04:48 KSA · MEDIUM CVSS 6.1 CWE-79
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter o…
CVE-2023-54362 · 04:48 KSA · MEDIUM CVSS 6.1 CWE-79
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the pr…
CVE-2023-54363 · 04:48 KSA · MEDIUM CVSS 6.1 CWE-79
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemi…
CVE-2023-54364 · 04:48 KSA · MEDIUM CVSS 6.1 CWE-79
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_op…
CVE-2026-21904 · 06:54 KSA · MEDIUM CVSS 6.1 CWE-79
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands w…
CVE-2026-35622 · 10:03 KSA · MEDIUM CVSS 5.9 CWE-290
OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on pri…
CVE-2026-33773 · 12:00 KSA · MEDIUM CVSS 5.8
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series devices allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks. When the sa…
CVE-2026-33776 · 23:01 KSA · MEDIUM CVSS 5.5 CWE-862
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will ex…
CVE-2026-33786 · 07:48 KSA · MEDIUM CVSS 5.5 CWE-754
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 's…
CVE-2026-33787 · 07:48 KSA · MEDIUM CVSS 5.5 CWE-754
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a sp…
CVE-2026-0811 · 05:32 KSA · MEDIUM CVSS 5.4 CWE-352
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the 'vsz_cf7_save_setting_callback' function. This makes it possible for unauthenti…
CVE-2026-39346 · 00:32 KSA · MEDIUM CVSS 5.4 CWE-284
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This v…
CVE-2026-40028 · 09:48 KSA · MEDIUM CVSS 5.4 CWE-79
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject Ja…
CVE-2026-4124 · 18:09 KSA · MEDIUM CVSS 5.4 CWE-862
The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax handler only verifies a nonce (check_ajax_referer) but performs no capability checks via current_user_can(). Furthermore, the nonce ('zigge…
CVE-2026-5811 · 11:54 KSA · MEDIUM CVSS 5.4 CWE-840
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The atta…
CVE-2026-5812 · 14:00 KSA · MEDIUM CVSS 5.4 CWE-840
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is p…
CVE-2025-14243 · 03:18 KSA · MEDIUM CVSS 5.3 CWE-209
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enumerate valid usernames and email addresses via different error messages during authentication failures and account creation.
CVE-2026-2519 · 20:15 KSA · MEDIUM CVSS 5.3 CWE-472
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation agai…
CVE-2026-35626 · 10:03 KSA · MEDIUM CVSS 5.3 CWE-405
OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request bodies before provider signature checks. Attackers can send large or malicious webhook requests to exhaust server resources without authenti…
CVE-2026-35633 · 12:36 KSA · MEDIUM CVSS 5.3 CWE-789
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing …
CVE-2026-35640 · 12:36 KSA · MEDIUM CVSS 5.3 CWE-696
OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server res…
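Four of the OpenClaw entries in this digest (CVE-2026-35626 and CVE-2026-35640 just above, CVE-2026-35627 earlier in the list, and the replay-key issue in CVE-2026-35618) describe one ordering mistake: the receiver buffers, parses, dispatches or derives replay state before it has authenticated the sender, and in the replay case keys that state on unsigned parts of the URL. The following is an added example, not OpenClaw code and not any provider's real signing scheme; it assumes a generic HMAC-SHA256 webhook whose signature covers a timestamp and the raw body, with a made-up secret, header names and limits. It shows the hardened order (bounded read, signature, replay check, then json.loads) and contrasts a replay key built from the full URL with one built only from signed material.

```python
import hashlib
import hmac
import io
import json
import time

# Constructed values for the example; a real deployment takes these from config.
SECRET = b"example-webhook-secret"   # hypothetical shared secret
MAX_BODY = 64 * 1024                 # bytes we are willing to buffer before auth
MAX_SKEW = 300                       # seconds a signed timestamp may be stale


def sign(body: bytes, ts: int) -> str:
    """Sender side: HMAC-SHA256 over timestamp and raw body (the URL is not signed)."""
    return hmac.new(SECRET, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()


def replay_key_from_url(url: str, sig: str) -> str:
    """Defective pattern from the advisory: the key includes the full URL, so
    changing an unsigned query parameter yields a fresh key for an old message."""
    return f"{url}|{sig}"


def replay_key_from_signature(url: str, sig: str) -> str:
    """Hardened: key only on data the signature covers; the query string is not."""
    return sig


def receive(headers: dict, url: str, stream: io.BufferedIOBase, seen: dict,
            key_fn=replay_key_from_signature, now=None):
    """Returns (status, detail).  Authentication happens before buffering beyond
    MAX_BODY, before any replay bookkeeping and before json.loads."""
    now = time.time() if now is None else now

    # 1. Bounded read: an unauthenticated client cannot make us hold > MAX_BODY.
    body = stream.read(MAX_BODY + 1)
    if len(body) > MAX_BODY:
        return 413, "body too large"

    # 2. Cheap header checks, then constant-time signature comparison on raw bytes.
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return 401, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return 401, "stale timestamp"
    sig = headers.get("X-Signature", "")
    if not hmac.compare_digest(sig, sign(body, ts)):
        return 401, "bad signature"

    # 3. Replay check, only for authenticated messages, under the chosen key scheme.
    key = key_fn(url, sig)
    if seen.get(key, 0) > now:
        return 409, "replay"
    seen[key] = ts + MAX_SKEW

    # 4. Parse only after the sender is authenticated and the message is fresh.
    try:
        return 200, json.loads(body)
    except ValueError:
        return 400, "bad json"


def demo() -> dict:
    """Constructed exchange: one genuine delivery, then the same signed message
    replayed with a modified query string under each replay-key scheme, plus an
    oversized and a tampered body."""
    body = json.dumps({"event": "call.started", "id": 42}).encode()
    ts = 1_700_000_000
    hdrs = {"X-Timestamp": str(ts), "X-Signature": sign(body, ts)}
    results = {}
    for name, key_fn in (("url_key", replay_key_from_url),
                         ("sig_key", replay_key_from_signature)):
        seen = {}
        first = receive(hdrs, "/hook/voice", io.BytesIO(body), seen, key_fn, now=ts)[0]
        again = receive(hdrs, "/hook/voice?x=1", io.BytesIO(body), seen, key_fn, now=ts)[0]
        results[name] = (first, again)
    big = io.BytesIO(b"{" * (MAX_BODY + 1))
    results["oversize"] = receive(hdrs, "/hook/voice", big, {}, now=ts)[0]
    results["tampered"] = receive(hdrs, "/hook/voice", io.BytesIO(body + b" "), {}, now=ts)[0]
    return results
```

With the URL-derived key the replayed message is accepted a second time (200, 200); keyed on the signature it is rejected (200, 409). The oversized body is refused at 413 before a signature is even computed, and the tampered body fails at 401 before json.loads runs.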
CVE-2026-5833 · 20:15 KSA · MEDIUM CVSS 5.3 CWE-74
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The …
CVE-2026-5986 · 12:36 KSA · MEDIUM CVSS 5.3 CWE-400
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotel…
CVE-2026-32591 · 03:18 KSA · MEDIUM CVSS 5.2 CWE-918
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external…
CVE-2026-35634 · 12:36 KSA · MEDIUM CVSS 5.1 CWE-288
OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer tokens or canvas capabilities. Attackers can send unauthenticated loopback HTTP an…
⚠️ Threat Intelligence
24 threats
BleepingComputer · 02:27 KSA · HIGH data_breach
Eurail says December data breach impacts 300,000 individuals
European rail pass provider Eurail B.V. disclosed a December 2025 data breach affecting over 300,000 individuals. Attackers successfully stole personal information from the company's systems covering 3…
BleepingComputer · 02:27 KSA · MEDIUM general
Webinar: From noise to signal - What threat actors are targeting next
Threat actors often reveal their intentions through dark web activity, access-broker listings, and credential requests before launching attacks. Proactive monitoring of these early warning sig…
BleepingComputer · 02:27 KSA · HIGH phishing
When attackers already have the keys, MFA is just another door to open
Stolen credentials compromise multi-factor authentication systems, turning them into attack vectors. Biometric authentication solutions that verify the user rather than the session can block …
SecurityWeek · 01:17 KSA · HIGH vulnerability
Apple Intelligence AI Guardrails Bypassed in New Attack
Researchers at RSAC demonstrated a successful bypass of Apple Intelligence security guardrails using the Neural Exect method combined with Unicode manipulation techniques. This vulnerability could potential…
Dark Reading · 01:17 KSA · HIGH apt
Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers
Russia's APT28 (Forest Blizzard) is conducting cyber espionage against global organizations by exploiting vulnerable SOHO routers through DNS setting modifications. This malwareless attack techn…
The Hacker News · 01:16 KSA · HIGH apt
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
A hack-for-hire campaign with suspected ties to Indian government-linked threat actors targeted journalists, activists, and government officials across the MENA region. The sophisticated…
The Hacker News · 01:16 KSA · CRITICAL vulnerability
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
A sophisticated zero-day vulnerability in Adobe Reader has been actively exploited since December 2025 through malicious PDF documents. The highly-sophisticated exploit was discovered by EXPM…
The Hacker News · 01:16 KSA · HIGH insider
The Hidden Security Risks of Shadow AI in Enterprises
Employees are adopting AI tools without IT approval, creating shadow AI that operates outside security team visibility and bypasses organizational controls. These unauthorized tools pose significant security …
BleepingComputer · 01:16 KSA · CRITICAL supply_chain
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Attackers compromised the update mechanism of Smart Slider 3 Pro plugin for WordPress and Joomla, distributing malicious versions containing multiple backdoors. This supply chain attack a…
BleepingComputer · 01:16 KSA · MEDIUM malware
Google Chrome adds infostealer protection against session cookie theft
Google Chrome 146 for Windows introduces Device Bound Session Credentials (DBSC) to protect against infostealer malware targeting session cookies. This security enhancement prevents credentia…
BleepingComputer · 01:16 KSA · HIGH ransomware
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft suffered a ransomware attack forcing offline its website and digital services. The incident impacts patient portals and healthcare provider systems, disr…
Dark Reading · 00:03 KSA · MEDIUM apt
Do Ceasefires Slow Cyberattacks? History Suggests Not
The cybersecurity community questions whether Iranian state-sponsored hackers will respect recent ceasefire agreements that don't explicitly mention or involve cyber operations. Historical precedent suggests …
Dark Reading · 00:03 KSA · CRITICAL vulnerability
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
A researcher under the alias 'Chaotic Eclipse' publicly released a proof-of-concept exploit for an unpatched Windows zero-day vulnerability that enables local privilege escal…
Dark Reading · 00:03 KSA · HIGH apt
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Russia's Fancy Bear APT group continues widespread cyber espionage campaigns globally. Security experts emphasize that organizations don't need advanced capabilities to defend themselves, bu…
The Hacker News · 00:03 KSA · HIGH general
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
A comprehensive threat bulletin covering multiple cybersecurity incidents including a hybrid P2P botnet, a 13-year-old Apache remote code execution vulnerability being actively ex…
The Hacker News · 00:03 KSA · HIGH apt
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
A newly identified threat actor UAT-10362 is conducting sophisticated spear-phishing campaigns against Taiwanese NGOs and universities using a novel Lua-based malware called Luci…
The Hacker News · 00:03 KSA · CRITICAL vulnerability
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
A critical security vulnerability was discovered in the EngageLab SDK, a third-party Android development kit, affecting 50 million users including 30 million cryptocurrency wallet…
Malwarebytes Lab · 23:02 KSA · HIGH malware
This fake Windows support website delivers password-stealing malware
Cybercriminals created a convincing fake Microsoft support website that distributes password-stealing malware. The malicious site tricks users into downloading malware capable of stealing crede…
Malwarebytes Lab · 23:02 KSA · HIGH insider
30,000 private Facebook images allegedly downloaded by Meta employee
A Meta employee allegedly developed a custom script to bypass internal security controls and download 30,000 private Facebook images. This insider threat demonstrates vulnerabilities in interna…
Malwarebytes Lab · 23:02 KSA · HIGH data_breach
NSFW app leak exposes 70,000 prompts linked to individual users
MyLovelyAI application suffered a data breach exposing personal information, explicit prompts, and images of over 100,000 users. The leak creates significant risks of sextortion and doxxing attacks …
Recorded Future · 21:50 KSA · HIGH supply_chain
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
Recorded Future emphasizes that traditional vendor risk management relying solely on cybersecurity ratings is no longer sufficient. The company advocates for an intelligence-dr…
Malwarebytes Lab · 21:50 KSA · MEDIUM phishing
Scammers pose as Amazon support to steal your account
A widespread phishing campaign is targeting Amazon customers through fraudulent refund scams delivered via email and SMS. Attackers impersonate Amazon support to steal account credentials and personal informa…
CISA Advisories · 21:48 KSA · CRITICAL vulnerability
Contemporary Controls BASC 20T
Critical vulnerability in Contemporary Controls BASC 20T PLC allows attackers to enumerate components, reconfigure systems, delete files, and execute remote procedure calls. This poses significant risk to industrial control systems…
CISA Advisories · 21:48 KSA · HIGH vulnerability
GPL Odorizers GPL750
Vulnerability in GPL Odorizers GPL750 system allows low-privileged remote attackers to manipulate register values controlling odorant injection in gas lines. This could result in dangerous over or under-injection of odorant, posing safety ri…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Thursday, April 9, 2026