📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
Global data_breach Government CRITICAL 1h Global ransomware Financial Services / Cybersecurity CRITICAL 1h Global vulnerability Information Technology / Cybersecurity CRITICAL 3h Global malware Energy and Utilities CRITICAL 4h Global ransomware Multiple sectors CRITICAL 4h Global vulnerability Industrial Control Systems / IoT / Infrastructure CRITICAL 7h Global supply_chain Information Technology and Critical Infrastructure CRITICAL 7h Global phishing Multiple sectors HIGH 8h Global insider Cybersecurity Services CRITICAL 8h Global ransomware Multiple sectors (U.S. companies) CRITICAL 8h
📅 Daily Security Digest — Monday, April 13, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

Monday, April 13, 2026 Today
182 CVEs
45 Threats
0 News
69 Critical
60 CISA KEV
🛡 Security Vulnerabilities (CVE)
182 vulnerabilities
CVE-2012-1854
Microsoft VBA Insecure Library Loading Remote Code Execution
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Visual Basic for Applications (VBA) — CVE-2012-1854 Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicabl…
CVE-2020-9715
Adobe Acrobat Use-After-Free Remote Code Execution Vulnerability
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Adobe Acrobat — CVE-2020-9715 Adobe Acrobat contains a use-after-free vulnerability that allows for code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigation…
CVE-2023-21529
Microsoft Exchange Server Remote Code Execution via Unsafe Deserialization
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Exchange Server — CVE-2023-21529 Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guida…
CVE-2023-36424
Windows Common Log File System Driver Out-of-Bounds Read Privilege Escalation
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Windows — CVE-2023-36424 Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guida…
CVE-2025-60710
Microsoft Windows Link Following Privilege Escalation (CVE-2025-60710)
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Windows — CVE-2025-60710 Microsoft Windows contains a link following vulnerability that allows for privilege escalation. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the produc…
CVE-2026-21643
Fortinet FortiClient EMS SQL Injection Remote Code Execution
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Fortinet FortiClient EMS — CVE-2026-21643 Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Required Action: Apply mitigations per vendor ins…
CVE-2026-34621
Adobe Acrobat/Reader Prototype Pollution RCE Vulnerability
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Adobe Acrobat and Reader — CVE-2026-34621 Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discon…
CVE-2025-60949
Census CSWeb 8.0.1 Unauthenticated Configuration File Exposure
11:22 KSA
CRITICAL CVSS 9.1 CWE-200
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
CVE-2025-69222
LibreChat SSRF Vulnerability in Actions Feature Allows Internal Service Access
04:01 KSA
CRITICAL CVSS 9.1 CWE-918
LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined ins…
CVE-2026-0498
SAP S/4HANA RFC Function Module ABAP Code Injection Vulnerability
04:01 KSA
CRITICAL CVSS 9.1 CWE-94
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. Thi…
CVE-2026-24736
Squidex SSRF via Unvalidated Webhook URLs in Rules Engine
04:01 KSA
CRITICAL CVSS 9.1 CWE-918
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to v…
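The LibreChat Actions entry and the Squidex webhook entry above share one root cause: a URL supplied by a user is fetched by the server without checking where it points, so an internal service or a cloud metadata endpoint becomes reachable through the application. The validator below is an added Python example written for this digest, not code from either project. It takes a pluggable resolver so the demonstration runs offline against a constructed DNS table; `FAKE_DNS`, `fake_resolver` and `check_webhook_url` are hypothetical names introduced here.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

# Hypothetical resolver type for this example: hostname -> IP address strings.
Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> List[str]:
    """Real DNS via the OS resolver; the demo below injects a fake instead."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_ip(text: str) -> bool:
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped and judged as 127.0.0.1.
    is_global is False for loopback, RFC 1918, link-local (169.254/16, where
    cloud metadata services live), CGNAT 100.64/10, 0.0.0.0 and the reserved
    ranges, so one property covers the usual SSRF targets.
    """
    ip = ipaddress.ip_address(text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def check_webhook_url(url: str, resolve: Resolver = system_resolver) -> Tuple[bool, str]:
    """Return (allowed, reason) for a user-supplied webhook/action URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        _ = parts.port                  # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port"
    try:
        ipaddress.ip_address(host)
        addresses = [host]              # literal address: nothing to resolve
    except ValueError:
        try:
            addresses = list(resolve(host))
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addresses:
        return False, "host resolved to no addresses"
    for addr in addresses:              # every answer must be public, not just the first
        try:
            if not is_public_ip(addr):
                return False, f"{host} resolves to non-public address {addr}"
        except ValueError:
            return False, f"unparseable address {addr!r}"
    return True, "ok"


# Constructed DNS table standing in for real resolution in the offline demo.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "rebind.example.net": ["93.184.216.34", "10.0.0.7"],   # mixed public/private answers
    "localhost": ["127.0.0.1", "::1"],
}


def fake_resolver(host: str) -> List[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in (
        "https://hooks.example.com/notify",
        "http://10.0.0.5/hook",
        "http://169.254.169.254/latest/meta-data/",
        "http://localhost:8080/admin",
        "http://[::ffff:127.0.0.1]/",
        "http://rebind.example.net/",
        "file:///etc/passwd",
    ):
        print(f"{candidate:45} -> {check_webhook_url(candidate, fake_resolver)}")
```

Checking the URL when the webhook is saved is necessary but not sufficient: a hostname that resolves to a public address today can be re-pointed at 127.0.0.1 before the next delivery (DNS rebinding), so the same address test has to be applied to the socket actually dialled at request time, and any redirect target must be re-validated before it is followed.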
CVE-2026-25160
Alist TLS Certificate Verification Disabled - MitM Vulnerability
04:01 KSA
CRITICAL CVSS 9.1 CWE-295
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (M…
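Turning certificate verification off, as the Alist entry describes for its default storage-driver clients, is a one-line setting that is easy to miss in review and turns every storage backend into a MitM target. The pair below is an added Python example, not Alist's code (Alist is a Go application): the weak client context beside the corrected one, plus an audit function that can be dropped into a test suite for any library that exposes its `ssl.SSLContext`. Function names are hypothetical.

```python
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting: verification switched off. This reconstructs the
    effect described for Alist; it is not Alist's code."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE   # any chain, any name, is accepted: MitM-able
    return ctx


def hardened_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Corrected setting: trusted CA bundle (system store, or a pinned file for
    self-signed storage backends), hostname check, TLS 1.2 floor."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Weaknesses found in a client context; an empty list means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: peer chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate subject is not matched to the host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


if __name__ == "__main__":
    print("weak     :", audit_context(insecure_client_context()))
    print("hardened :", audit_context(hardened_client_context()))
```

The right fix for a self-signed storage endpoint is to hand the client that endpoint's CA (the `ca_bundle` argument above), never to clear `verify_mode` for all connections.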
CVE-2026-25539
SiYuan Path Traversal in copyFile Endpoint Enables RCE
04:01 KSA
CRITICAL CVSS 9.1 CWE-22
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by wr…
CVE-2026-26026
GLPI Template Injection Remote Code Execution (11.0.0-11.0.5)
05:32 KSA
CRITICAL CVSS 9.1 CWE-94
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6.
CVE-2026-2750
Centreon Open Tickets Input Validation Vulnerability (CVE-2026-2750)
04:30 KSA
CRITICAL CVSS 9.1 CWE-20
Improper Input Validation vulnerability in Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: all versions before 25.10; 24.10; 24.04.
CVE-2019-10068
Kentico Xperience Deserialization of Untrusted Data Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Kentico Xperience Deserialization of Untrusted Data Vulnerability — Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution.
CVE-2019-10149
Exim Mail Transfer Agent (MTA) Improper Input Validation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Exim Mail Transfer Agent (MTA) Improper Input Validation — Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVE-2019-1064
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated co…
CVE-2019-1069
Microsoft Task Scheduler Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Task Scheduler Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
CVE-2019-10758
MongoDB mongo-express Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
MongoDB mongo-express Remote Code Execution Vulnerability — mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method.
CVE-2019-11001
Reolink Multiple IP Cameras OS Command Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Reolink Multiple IP Cameras OS Command Injection Vulnerability — Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality …
CVE-2019-11043
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability — In some versions of PHP in certain configurations of FPM setup, it is possible to cause the FPM module to write past allocated buffers, allowing the possibility of remote code execution.
CVE-2019-1129
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated co…
CVE-2019-1130
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
CVE-2019-1132
Microsoft Win32k Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
CVE-2019-11510
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability — Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
CVE-2019-11539
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability — Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
CVE-2019-11580
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability — Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.
CVE-2019-11581
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability — Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
CVE-2019-11634
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability — Citrix Workspace Application and Receiver for Windows contain a remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local …
CVE-2019-11707
Mozilla Firefox and Thunderbird Type Confusion Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Mozilla Firefox and Thunderbird Type Confusion Vulnerability — Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.
CVE-2019-11708
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability — Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.
CVE-2019-1214
Microsoft Windows Common Log File System (CLFS) Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Privilege Escalation Vulnerability — The Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory, which can allow for privilege escalation.
CVE-2019-1215
Microsoft Windows Privilege Escalation Vulnerability (ws2ifsl.sys)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevat…
CVE-2019-1253
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
CVE-2019-1297
Microsoft Excel Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Excel Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
CVE-2019-12989
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix SD-WAN and NetScaler SQL Injection Vulnerability — Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
CVE-2019-12991
Citrix SD-WAN and NetScaler Command Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix SD-WAN and NetScaler Command Injection Vulnerability — Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
CVE-2019-1315
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file…
CVE-2019-1322
Microsoft Windows Privilege Escalation Vulnerability (Authentication Request Handling)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
CVE-2019-13272
Linux Kernel Improper Privilege Management Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Linux Kernel Improper Privilege Management Vulnerability — Kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access.
CVE-2019-13608
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability — Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
CVE-2024-12987
DrayTek Vigor Router OS Command Injection in Web Management Interface
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
DrayTek Vigor Routers OS Command Injection Vulnerability — DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface.
CVE-2024-13160
Ivanti Endpoint Manager Absolute Path Traversal Information Disclosure
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability — Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-27443
Zimbra Collaboration Suite CalendarInvite XSS Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability — Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via …
CVE-2024-28995
SolarWinds Serv-U Path Traversal Vulnerability - Sensitive File Access
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SolarWinds Serv-U Path Traversal Vulnerability — SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
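Three entries in this digest are variants of the same file-path bug: SiYuan's copyFile endpoint writes wherever the unvalidated dest parameter says, and Ivanti EPM and SolarWinds Serv-U read files chosen by an attacker through an absolute or traversing path. The containment check below is an added Python example and is not code from any of these products. It assumes a hypothetical `resolve_under_root` helper that every file API call (read, write, copy destination) would pass through; the temporary directory tree built in `demo_results` is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Dict


class PathOutsideRoot(ValueError):
    """Raised when an untrusted path would land outside the sandbox root."""


def resolve_under_root(root: str, user_path: str) -> Path:
    """Map an untrusted relative path onto a location under root, or raise.

    Rejects absolute paths (the CWE-22 absolute-path variant), NUL bytes and
    anything whose symlink-resolved real path is not beneath the real root,
    which covers "..", and symlinks planted inside root that point outside it.
    Hypothetical helper: every file API (read, write, copy dest) would call it.
    """
    if not user_path or "\x00" in user_path:
        raise PathOutsideRoot("empty path or NUL byte")
    if (os.path.isabs(user_path)
            or user_path.startswith(("/", "\\"))
            or PureWindowsPath(user_path).is_absolute()):   # C:\..., \\server\share
        raise PathOutsideRoot(f"absolute path rejected: {user_path!r}")
    root_real = Path(root).resolve(strict=True)
    candidate = (root_real / user_path).resolve(strict=False)
    try:
        candidate.relative_to(root_real)     # component-wise check, not a string prefix
    except ValueError:
        raise PathOutsideRoot(f"escapes root: {user_path!r}") from None
    return candidate


def demo_results() -> Dict[str, bool]:
    """Build a throwaway tree (constructed for the demo) and return {input: allowed}."""
    base = Path(tempfile.mkdtemp())
    root = base / "data"
    (root / "notes").mkdir(parents=True)
    (root / "notes" / "a.md").write_text("hello")
    outside = base / "outside"
    outside.mkdir()
    (root / "link").symlink_to(outside)      # symlink inside root, target outside
    probes = [
        "notes/a.md",                # existing file
        "notes/new.md",              # new file under root
        "notes/../notes/b.md",       # ".." that stays inside
        "../outside/x",              # classic traversal
        "notes/../../outside/x",     # traversal after a valid prefix
        "/etc/passwd",               # absolute path
        "C:\\Windows\\win.ini",      # Windows absolute path
        "link/x",                    # symlink escape
    ]
    results = {}
    for probe in probes:
        try:
            resolve_under_root(str(root), probe)
            results[probe] = True
        except PathOutsideRoot:
            results[probe] = False
    return results


if __name__ == "__main__":
    for probe, allowed in demo_results().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {probe}")
```

The check is done on the real path after symlink resolution rather than on the string, which is what defeats both `..` sequences and a link an attacker managed to create inside the root; a plain `startswith(root)` test would also accept `/srv/data2/...` as being under `/srv/data`.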
CVE-2025-31201
Apple Pointer Authentication Bypass - Arbitrary Read/Write Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Arbitrary Read and Write Vulnerability — Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
CVE-2025-31324
SAP NetWeaver Unrestricted File Upload RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SAP NetWeaver Unrestricted File Upload Vulnerability — SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.
CVE-2026-1281
Ivanti EPMM Unauthenticated Remote Code Execution via Code Injection
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
CVE-2026-1731
BeyondTrust Remote Support/PRA OS Command Injection - Unauthenticated RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability — BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote a…
CVE-2026-20045
Cisco Unified Communications Code Injection Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Unified Communications Products Code Injection Vulnerability — Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), …
CVE-2026-20127
Cisco Catalyst SD-WAN Authentication Bypass Vulnerability (CVE-2026-20127)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an unauthenticated, …
CVE-2026-20700
Apple Multiple Buffer Overflow Vulnerability Across iOS macOS tvOS watchOS visionOS
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Buffer Overflow Vulnerability — Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with a memory write capability to execute arbitrary code.
CVE-2026-20805
Microsoft Windows Desktop Window Manager Information Disclosure Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Information Disclosure Vulnerability — Microsoft Windows Desktop Window Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.
CVE-2026-21509
Microsoft Office Security Feature Bypass Vulnerability (CVE-2026-21509)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Security Feature Bypass Vulnerability — Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. S…
CVE-2026-21510
Microsoft Windows Shell Protection Mechanism Bypass Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Shell Protection Mechanism Failure Vulnerability — Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21513
Microsoft MSHTML Framework Protection Mechanism Bypass Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability — Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21514
Microsoft Office Word Privilege Escalation via Untrusted Input Processing
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability — Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21519
Microsoft Windows Type Confusion Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Type Confusion Vulnerability — Microsoft Windows Desktop Window Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-21525
Microsoft Windows Remote Access Connection Manager NULL Pointer Dereference DoS
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows NULL Pointer Dereference Vulnerability — Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
CVE-2026-21533
Windows RDS Privilege Escalation Vulnerability (CVE-2026-21533)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Improper Privilege Management Vulnerability — Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
CVE-2026-22769
Dell RecoverPoint for Virtual Machines Hardcoded Credentials Remote Access
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability — Dell RecoverPoint for Virtual Machines (RP4VMs) contains a use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to…
CVE-2026-23520
Arcane Docker Updater Command Injection via Lifecycle Labels
04:01 KSA
CRITICAL CVSS 9.0 CWE-78
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defini…
CVE-2026-23760
SmarterMail Authentication Bypass in Password Reset API
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability — SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anony…
CVE-2026-24061
GNU InetUtils telnetd Argument Injection Authentication Bypass
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
GNU InetUtils Argument Injection Vulnerability — GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable.
CVE-2026-2441
Chromium CSS Use-After-Free Vulnerability (CVE-2026-2441)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium CSS Use-After-Free Vulnerability — Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chr…
CVE-2026-24423
SmarterMail ConnectToHub API Missing Authentication RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability — SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to …
CVE-2026-24858
Fortinet FortiCloud SSO Authentication Bypass in Multiple Products
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability — Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud acc…
CVE-2026-25108
Soliton FileZen OS Command Injection via Authenticated HTTP Requests
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Soliton Systems K.K FileZen OS Command Injection Vulnerability — Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP request.
CVE-2026-33785
Juniper Junos OS on MX Series CLI Missing Authorization Allows Low-Privileged Command Execution
21:26 KSA
HIGH CVSS 8.8 CWE-862
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring speci…
CVE-2026-35638
OpenClaw Control UI Privilege Escalation via Unverified Self-Declared Scopes
01:48 KSA
HIGH CVSS 8.8 CWE-286
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mec…
CVE-2026-35639
OpenClaw device.pair.approve Privilege Escalation via Over-Scoped Approval
01:48 KSA
HIGH CVSS 8.8 CWE-648
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually holds. Attackers can exploit insufficient …
CVE-2026-39911
Hashgraph Guardian Unsandboxed JavaScript Execution in Custom Logic Policy Block
21:26 KSA
HIGH CVSS 8.8 CWE-668
Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the …
CVE-2026-40040
Pachno 1.0.6 Unrestricted File Upload via Ineffective Extension Filtering
03:25 KSA
HIGH CVSS 8.8 CWE-434
Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering at the /uploadfile endpoint. Attackers can upload executable files such as .php5 scripts to web-accessible directori…
CVE-2026-4326
Vertex Addons for Elementor WordPress Plugin Missing Authorization in activate_required_plugins()
09:16 KSA
HIGH CVSS 8.8 CWE-862
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugin…
CVE-2026-5815
D-Link DIR-645 hedwig.cgi Stack-Based Buffer Overflow (hedwigcgi_main)
06:32 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vu…
CVE-2026-5830
12:33 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is pu…
CVE-2026-5979
21:26 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can b…
CVE-2026-5980
21:26 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remo…
CVE-2026-5981
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely.…
CVE-2026-5982
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buffer overflow. Remote exploitation…
CVE-2026-5983
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed r…
CVE-2026-5984
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack can be carried out remotel…
CVE-2026-5988
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now p…
CVE-2026-5989
01:48 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and ma…
CVE-2026-5990
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The expl…
CVE-2026-5991
01:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made publ…
CVE-2026-6135
21:18 KSA
HIGH CVSS 8.8 CWE-119
A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed remotely. The exploi…
CVE-2026-6136
21:18 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has …
CVE-2026-6137
21:18 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack remo…
CVE-2026-6157
03:25 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit…
CVE-2026-6168
03:25 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The e…
CVE-2026-6186
03:25 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack can be carried out remo…
CVE-2026-6194
03:25 KSA
HIGH CVSS 8.8 CWE-119
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remo…
CVE-2026-6196
03:25 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be carried out remotely. The exploit i…
CVE-2026-6198
03:25 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit…
CVE-2026-6199
03:25 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public an…
CVE-2026-6200
03:25 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploi…
CVE-2025-13914
21:26 KSA
HIGH CVSS 8.7 CWE-322
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation, an attacker can perform a machine-in-the-middle a…
CVE-2023-54359
21:26 KSA
HIGH CVSS 8.2 CWE-89
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with…
CVE-2026-34512
21:26 KSA
HIGH CVSS 8.1 CWE-863
OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by se…
CVE-2026-35645
01:48 KSA
HIGH CVSS 8.1 CWE-648
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to …
CVE-2026-33788
21:26 KSA
HIGH CVSS 7.8 CWE-306
A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user…
CVE-2026-33793
21:26 KSA
HIGH CVSS 7.8 CWE-250
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op …
CVE-2026-35625
21:26 KSA
HIGH CVSS 7.8 CWE-648
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnect…
CVE-2026-40030
03:00 KSA
HIGH CVSS 7.8 CWE-78
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharact…
CVE-2026-40031
06:32 KSA
HIGH CVSS 7.8 CWE-427
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker…
CVE-2026-40032
06:32 KSA
HIGH CVSS 7.8 CWE-78
UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the _run_command() function passes constructed command strings directly to eval without proper sanitization. Attack…
CVE-2026-5726
21:26 KSA
HIGH CVSS 7.8 CWE-121
ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2026-34853
03:25 KSA
HIGH CVSS 7.7 CWE-270
Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-1584
18:38 KSA
HIGH CVSS 7.5 CWE-476
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the se…
CVE-2026-33778
21:26 KSA
HIGH CVSS 7.5 CWE-1286
An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS). If an affecte…
CVE-2026-33790
21:26 KSA
HIGH CVSS 7.5 CWE-754
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and proce…
CVE-2026-40036
06:32 KSA
HIGH CVSS 7.5 CWE-409
Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, ex…
CVE-2026-33771
21:26 KSA
HIGH CVSS 7.4 CWE-521
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management m…
CVE-2026-33797
21:26 KSA
HIGH CVSS 7.4 CWE-20
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker sending a specific genuine BGP packet in an already established BGP session to reset only that session, causing a Denial of Service (DoS). An…
CVE-2026-35629
21:26 KSA
HIGH CVSS 7.4 CWE-918
OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can exploit unprotected fetch() calls against configured endpoints to rebind requests to …
CVE-2026-21916
21:26 KSA
HIGH CVSS 7.3 CWE-61
A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed …
CVE-2026-34856
03:25 KSA
HIGH CVSS 7.3 CWE-362
UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-35637
21:26 KSA
HIGH CVSS 7.3 CWE-696
OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit this timing vulnerability to access or manipulate content before proper authorizat…
CVE-2026-5813
06:32 KSA
HIGH CVSS 7.3 CWE-74
A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The expl…
CVE-2026-5814
06:32 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The …
CVE-2026-5824
06:32 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been…
CVE-2026-5827
09:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclose…
CVE-2026-5828
12:33 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has bee…
CVE-2026-5829
12:33 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id causes sql injection. Remote exploitation of the attack is possible. The exploit h…
CVE-2026-5832
12:33 KSA
HIGH CVSS 7.3 CWE-918
A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-…
CVE-2026-5837
12:33 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2026-5841
12:33 KSA
HIGH CVSS 7.3 CWE-22
A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the…
CVE-2026-5842
12:33 KSA
HIGH CVSS 7.3 CWE-285
A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack can be carried out remotely…
CVE-2026-5849
15:21 KSA
HIGH CVSS 7.3 CWE-22
A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be util…
CVE-2026-5961
15:21 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument post_id leads to sql injection. The attack may be initiated remotely. The exploit h…
CVE-2026-5962
18:38 KSA
HIGH CVSS 7.3 CWE-22
A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandler of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-5970
21:26 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public a…
CVE-2026-5971
21:26 KSA
HIGH CVSS 7.3 CWE-94
A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynami…
CVE-2026-5972
21:26 KSA
HIGH CVSS 7.3 CWE-77
A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit h…
CVE-2026-5973
21:26 KSA
HIGH CVSS 7.3 CWE-77
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used…
CVE-2026-5974
21:26 KSA
HIGH CVSS 7.3 CWE-77
A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack can be carried out remotely. The project was i…
CVE-2026-5985
01:48 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results in sql injection. The attack may be performed remotely. The exploit has been…
CVE-2026-6142
21:18 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote e…
CVE-2026-6148
21:18 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The…
CVE-2026-6149
21:18 KSA
HIGH CVSS 7.3 CWE-74
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed…
CVE-2026-6151
23:32 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack remot…
CVE-2026-6152
23:32 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. The…
CVE-2026-6153
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit …
CVE-2026-6158
03:25 KSA
HIGH CVSS 7.3 CWE-77
A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack can be carried out remotely. The exploit has been published…
CVE-2026-6161
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. …
CVE-2026-6163
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The ex…
CVE-2026-6164
03:25 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been rele…
CVE-2026-6165
03:25 KSA
HIGH CVSS 7.3 CWE-74
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The explo…
CVE-2026-6166
03:25 KSA
HIGH CVSS 7.3 CWE-74
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initia…
CVE-2026-6167
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be use…
CVE-2026-6182
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. T…
CVE-2026-6183
03:25 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is …
CVE-2026-6187
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from re…
CVE-2026-6188
03:25 KSA
HIGH CVSS 7.3 CWE-74
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has b…
CVE-2026-6189
03:25 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotel…
CVE-2026-6193
03:25 KSA
HIGH CVSS 7.3 CWE-74
A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to t…
CVE-2026-6224
05:35 KSA
HIGH CVSS 7.3 CWE-264
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The a…
CVE-2024-1490
15:21 KSA
HIGH CVSS 7.2 CWE-94
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitr…
CVE-2026-40038
03:25 KSA
HIGH CVSS 7.2 CWE-79
Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment_body, article_content, description, and …
CVE-2026-5844
15:21 KSA
HIGH CVSS 7.2 CWE-77
A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed remotely. The e…
CVE-2026-21007
02:54 KSA
MEDIUM CVSS 6.8 CWE-754
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.
CVE-2026-21009
21:16 KSA
MEDIUM CVSS 6.8 CWE-754
Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows a physical attacker to bypass App Pinning.
CVE-2026-21011
00:32 KSA
MEDIUM CVSS 6.8 CWE-732
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.
CVE-2026-34864
02:16 KSA
MEDIUM CVSS 6.8 CWE-119
Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34863
02:16 KSA
MEDIUM CVSS 6.7 CWE-787
Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-21008
02:54 KSA
MEDIUM CVSS 6.5
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows an adjacent attacker to access sensitive information.
CVE-2026-40039
02:54 KSA
MEDIUM CVSS 6.5 CWE-305
Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal…
CVE-2026-40043
02:54 KSA
MEDIUM CVSS 6.5 CWE-639
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers can set the client-controlled original_username cookie to any va…
CVE-2026-34861
02:16 KSA
MEDIUM CVSS 6.3 CWE-362
Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-34862
02:16 KSA
MEDIUM CVSS 6.3 CWE-362
Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-6141
08:48 KSA
MEDIUM CVSS 6.3 CWE-77
A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has b…
CVE-2026-6143
08:48 KSA
MEDIUM CVSS 6.3 CWE-346
A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains…
CVE-2026-6190
00:32 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has bee…
CVE-2026-6191
00:32 KSA
MEDIUM CVSS 6.3 CWE-74
A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publ…
CVE-2026-6202
02:54 KSA
MEDIUM CVSS 6.3 CWE-74
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the publ…
CVE-2026-6215
02:54 KSA
MEDIUM CVSS 6.3 CWE-918
A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The e…
CVE-2026-6203
07:16 KSA
MEDIUM CVSS 6.1 CWE-601
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_…
CVE-2026-6201
02:54 KSA
MEDIUM CVSS 5.4 CWE-266
A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be l…
CVE-2026-6160
Simple ChatBox 1.0 File and Directory Information Disclosure
13:32 KSA
MEDIUM CVSS 5.3 CWE-200
A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the …
CVE-2026-6219
05:00 KSA
MEDIUM CVSS 5.3 CWE-74
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit…
⚠️ Threat Intelligence
45 threats
rss:Dark Reading
03:16 KSA
CRITICAL vulnerability
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
Adobe has patched a zero-day vulnerability in Acrobat and Reader that was actively exploited for at least four months using malicious PDF files. The prolonged exploitation period indicates a soph…
rss:BleepingComputer
03:16 KSA
CRITICAL vulnerability
Critical flaw in wolfSSL library enables forged certificate use
A critical vulnerability has been discovered in the wolfSSL SSL/TLS library affecting ECDSA signature verification. The flaw allows improper verification of hash algorithms, potentially enabling att…
rss:BleepingComputer
03:16 KSA
HIGH data_breach
Stolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games experienced a data breach through a security incident at analytics provider Anodot. The ShinyHunters extortion gang has leaked the stolen analytics data on their data leak site, exposin…
rss:Dark Reading
01:55 KSA
HIGH vulnerability
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
Operational Technology (OT) asset owners are being required by regulators to certify their post-quantum cryptographic readiness despite lacking proper security tools. This creates a compliance ga…
rss:The Hacker News
01:55 KSA
HIGH malware
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
JanelaRAT malware, a modified version of BX RAT, has launched 14,739 attacks targeting banks and financial institutions in Latin America, particularly Brazil and Mexico in 2025.…
rss:BleepingComputer
01:55 KSA
HIGH phishing
FBI takedown of W3LL phishing service leads to developer arrest
FBI and Indonesian authorities dismantled the W3LL global phishing platform, seizing infrastructure and arresting the alleged developer. This marks the first coordinated US-Indonesia enforcement act…
rss:CISA Advisories
00:54 KSA
HIGH vulnerability
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven actively exploited vulnerabilities to its KEV Catalog, including flaws in Microsoft Visual Basic for Applications and Adobe Acrobat. Organizations should prioritize patching these vu…
rss:Recorded Future
23:49 KSA
CRITICAL ransomware
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
March 2026 witnessed a 139% surge in high-impact vulnerabilities with 31 critical flaws requiring immediate patching, up from 13 in Februa…
rss:BleepingComputer
23:49 KSA
HIGH data_breach
New Booking.com data breach forces reservation PIN resets
Booking.com confirmed unauthorized access to its systems resulting in exposure of sensitive reservation and user data. The breach has forced the company to reset reservation PINs as a security measure to …
rss:BleepingComputer
23:49 KSA
HIGH supply_chain
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating macOS code-signing certificates after a supply chain attack compromised their GitHub Actions workflow through a malicious Axios package. The incident exposed code-signing …
rss:Recorded Future
22:48 KSA
HIGH data_breach
VIP Credential Monitoring Blog
Executives and high-privilege users face elevated credential theft risks that standard monitoring often fails to detect. VIP Credential Monitoring in Recorded Future Identity Intelligence provides enhanced protection for sensitive …
rss:BleepingComputer
22:48 KSA
CRITICAL vulnerability
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe released an emergency security update for Acrobat Reader to patch CVE-2026-34621, a zero-day vulnerability actively exploited since December. Organizations using Adobe products should immediat…
rss:Dark Reading
21:36 KSA
CRITICAL apt
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
Chinese state-sponsored APT41 threat group is deploying undetectable backdoors targeting major cloud platforms including AWS, Google Cloud, Azure, and Alibaba. The attackers use typo…
rss:The Hacker News
21:36 KSA
HIGH phishing
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
FBI and Indonesian National Police dismantled a global phishing operation using the W3LL toolkit that stole thousands of victims' credentials and attempted over $20 million in f…
rss:SecurityWeek
20:32 KSA
MEDIUM general
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
Security researchers are scrutinizing claims that Microsoft conducts corporate espionage through LinkedIn's browser extension. The allegations suggest widespread data collection, but …
rss:SecurityWeek
20:32 KSA
HIGH data_breach
Booking.com Says Hackers Accessed User Information
Booking.com confirmed that hackers accessed customer booking information in a data breach. The company has contained the incident but has not disclosed the number of affected customers or the full scope of expos…
rss:The Hacker News
20:32 KSA
CRITICAL apt
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Multiple critical cybersecurity threats identified including a zero-day vulnerability affecting PDF files that has remained undetected for months. State-sponsored actors are c…
rss:BleepingComputer
20:32 KSA
HIGH malware
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
A new infostealer called 'Storm' employs advanced techniques by sending encrypted browser data directly to attacker-controlled servers for decryption, rather than decrypting locally. This…
rss:SecurityWeek
19:16 KSA
CRITICAL supply_chain
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
OpenAI has been impacted by a North Korea-linked supply chain attack involving the compromise of a macOS code signing certificate through Axios. The AI company is taking remediation actions to address…
rss:The Hacker News
19:16 KSA
CRITICAL vulnerability
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
Anthropic restricted its Mythos Preview AI model after it autonomously discovered and exploited zero-day vulnerabilities across all major operating systems and browsers. Security experts warn that similar A…
rss:Malwarebytes Lab
18:15 KSA
CRITICAL vulnerability
Simply opening a PDF could trigger this Adobe Reader zero-day
Adobe confirmed a zero-day vulnerability in Adobe Reader that was actively exploited in the wild. The flaw can be triggered simply by opening a malicious PDF file, making it a critical threat requirin…
rss:SecurityWeek
18:15 KSA
HIGH data_breach
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
International law enforcement operation across US, UK, and Canada successfully identified over $45 million in stolen cryptocurrency and froze $12 million in assets. The coordinated effort d…
rss:SecurityWeek
17:12 KSA
HIGH supply_chain
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
CPUID's website was compromised by Russian-speaking threat actors who replaced legitimate download links with trojanized versions of CPU-Z and HWMonitor utilities. The malicious downloads distributed…
rss:The Hacker News
17:11 KSA
HIGH apt
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
North Korean APT37 (ScarCruft) conducted a sophisticated social engineering campaign using Facebook to build trust with targets before delivering RokRAT malware. The multi-stage …
rss:SecurityWeek
16:05 KSA
HIGH malware
Fake Claude Website Distributes PlugX RAT
A fake Claude AI website is distributing PlugX RAT malware by mimicking legitimate Anthropic installation processes. The malware uses DLL sideloading techniques and includes cleanup mechanisms to evade detection. Source…
rss:SecurityWeek
15:00 KSA
LOW general
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
Google has introduced end-to-end encryption for Gmail on Android and iOS mobile platforms for enterprise users. This security enhancement allows business users to compose and read encrypt…
rss:The Hacker News
15:00 KSA
HIGH supply_chain
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI disclosed that a GitHub Actions workflow used for signing macOS apps downloaded a malicious Axios library on March 31. The company revoked its macOS app certificate as a prec…
rss:Malwarebytes Lab
13:54 KSA
MEDIUM general
A week in security (April 6 – April 12)
Weekly security roundup covering cybersecurity topics and threats from April 6-12, 2026. Provides overview of recent security incidents, vulnerabilities, and threat landscape developments relevant to organization…
rss:The Hacker News
08:16 KSA
LOW general
Why Security Validation Is Becoming Agentic
Analysis of the evolution of security validation approaches in complex organizations, discussing the shift toward agentic security validation systems. The article examines current validation stacks including BAS tools,…
rss:The Hacker News
08:16 KSA
HIGH general
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Weekly security roundup covering multiple critical incidents including Chrome zero-day vulnerabilities, router botnet activities, AWS security breaches, and emerging threats fr…
rss:The Hacker News
08:16 KSA
HIGH supply_chain
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
GlassWorm malware campaign exploits stolen GitHub tokens to inject malicious code into hundreds of Python repositories. The attack targets various Python projects including Django…
rss:The Hacker News
06:54 KSA
HIGH general
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
A survey of 300 US CISOs reveals that security leaders lack adequate tools and skills to defend AI systems effectively. The AI and Adversarial Testing Benchmark…
rss:The Hacker News
06:54 KSA
HIGH apt
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors attributed to the Konni hacking group are conducting phishing campaigns to compromise victims and exploit KakaoTalk desktop application for malware distribution…
rss:The Hacker News
06:54 KSA
MEDIUM vulnerability
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
CISA added CVE-2025-47813, a medium-severity information disclosure vulnerability in Wing FTP, to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw allows at…
rss:The Hacker News
05:48 KSA
HIGH ransomware
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
LeakNet ransomware group has adopted ClickFix social engineering tactics through compromised websites to trick users into executing malicious commands. The attack deploys a Deno in-…
rss:The Hacker News
05:48 KSA
CRITICAL vulnerability
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Security researchers discovered vulnerabilities in AI platforms Amazon Bedrock, LangSmith, and SGLang that enable data exfiltration through DNS queries and remote code execution. …
rss:The Hacker News
05:48 KSA
HIGH vulnerability
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple patched CVE-2026-20643, a WebKit vulnerability affecting iOS, iPadOS, and macOS that allows cross-origin policy bypass through the Navigation API. This flaw could enable a…
rss:The Hacker News
04:36 KSA
HIGH vulnerability
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity privilege escalation vulnerability (CVE-2026-3888, CVSS 7.8) affects default Ubuntu Desktop installations version 24.04 and later, allowing attackers to gain roo…
rss:The Hacker News
04:36 KSA
MEDIUM general
Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
Mesh CSMA provides security teams with contextual analysis to identify and break attack paths that chain together vulnerabilities, misconfigurations, and exposures leading to crit…
rss:The Hacker News
04:36 KSA
CRITICAL vulnerability
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Nine critical vulnerabilities discovered in low-cost IP KVM devices from four vendors allow unauthenticated attackers to gain root-level access and extensive control over compromised …
rss:Dark Reading
03:32 KSA
HIGH apt
Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
China-backed threat actors launched two attacks targeting Qatari entities, demonstrating a strategic pivot in response to geopolitical developments involving Iran. This shift highlights the agility …
rss:Dark Reading
03:32 KSA
HIGH supply_chain
Xygeni GitHub Action Compromised Via Tag Poison
Attackers compromised Xygeni's GitHub Action (xygeni/xygeni-action) and operated an active command-and-control implant for up to one week. This supply chain attack targeted an AppSec vendor's development tool, pote…
rss:The Hacker News
03:32 KSA
CRITICAL ransomware
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Amazon Threat Intelligence warns of active Interlock ransomware campaign exploiting CVE-2026-20131, a critical zero-day vulnerability (CVSS 10.0) in Cisco Secure Firewall Management …
rss:The Hacker News
03:32 KSA
HIGH supply_chain
Claude Code Security and Magecart: Getting the Threat Model Right
Analysis reveals limitations of static code analysis tools like Claude Code Security against sophisticated Magecart attacks that hide malicious payloads in EXIF data of dynamically loaded third-pa…
rss:The Hacker News
03:32 KSA
CRITICAL vulnerability
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Critical unpatched vulnerability CVE-2026-32746 discovered in GNU InetUtils telnet daemon allows unauthenticated remote attackers to execute arbitrary code with root privileges. Th…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Monday, April 13, 2026