📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
📅 Daily Security Digest — Tuesday, April 14, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

200 CVEs
38 Threats
0 News
65 Critical
66 CISA KEV
🛡 Security Vulnerabilities (CVE)
200 vulnerabilities
CVE-2009-0238
Microsoft Office Excel Remote Code Execution via Malformed Object
05:00 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Office — CVE-2009-0238 Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object. Required Action: Ap…
CVE-2012-1854
Microsoft VBA Insecure Library Loading Remote Code Execution
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Visual Basic for Applications (VBA) — CVE-2012-1854 Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicabl…
CVE-2020-9715
Adobe Acrobat Use-After-Free Remote Code Execution Vulnerability
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Adobe Acrobat — CVE-2020-9715 Adobe Acrobat contains a use-after-free vulnerability that allows for code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigation…
CVE-2023-21529
Microsoft Exchange Server Remote Code Execution via Unsafe Deserialization
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Exchange Server — CVE-2023-21529 Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guida…
CVE-2023-36424
Windows Common Log File System Driver Out-of-Bounds Read Privilege Escalation
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Windows — CVE-2023-36424 Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor to escalate privileges. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guida…
CVE-2025-60710
Microsoft Windows Link Following Privilege Escalation (CVE-2025-60710)
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Microsoft Windows — CVE-2025-60710 Microsoft Windows contains a link following vulnerability that allows for privilege escalation. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the produc…
CVE-2026-21643
Fortinet FortiClient EMS SQL Injection Remote Code Execution
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Fortinet FortiClient EMS — CVE-2026-21643 Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Required Action: Apply mitigations per vendor ins…
CVE-2026-34621
Adobe Acrobat/Reader Prototype Pollution RCE Vulnerability
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Adobe Acrobat and Reader — CVE-2026-34621 Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discon…
CVE-2017-6334
NETGEAR DGN2200 OS Command Injection in dnslookup.cgi
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
NETGEAR DGN2200 Devices OS Command Injection Vulnerability — dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
CVE-2017-6663
Cisco IOS Autonomic Networking DoS Vulnerability (CVE-2017-6663)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability — A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to r…
CVE-2017-6736
Cisco IOS/IOS XE SNMP Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability — The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
CVE-2019-1367
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1367)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability — Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of …
CVE-2019-13720
Google Chrome WebAudio Use-After-Free Vulnerability (CVE-2019-13720)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chrome WebAudio Use-After-Free Vulnerability — Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-1385
Windows AppX Deployment Extensions Privilege Escalation (CVE-2019-1385)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
CVE-2019-1388
Microsoft Windows Certificate Dialog Privilege Escalation (CVE-2019-1388)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability — Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
CVE-2019-1405
Microsoft Windows UPnP Service Privilege Escalation Vulnerability (CVE-2019-1405)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
CVE-2019-1429
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1429)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability — Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
CVE-2019-1458
Microsoft Win32k Privilege Escalation Vulnerability (CVE-2019-1458)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP'.
CVE-2019-15107
Webmin Command Injection in Password Change Module (CVE-2019-15107)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Webmin Command Injection Vulnerability — An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
CVE-2019-15271
Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability — A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges.
CVE-2019-15752
Docker Desktop Community Edition Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Docker Desktop Community Edition Privilege Escalation Vulnerability — Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bi…
CVE-2019-1579
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability — Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.
CVE-2019-15949
Nagios XI Remote Code Execution via Check Plugin Modification
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Nagios XI Remote Code Execution Vulnerability — Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.
CVE-2019-16057
D-Link DNS-320 Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
D-Link DNS-320 Remote Code Execution Vulnerability — The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.
CVE-2019-16256
SIMalliance Toolbox Browser Command Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SIMalliance Toolbox Browser Command Injection Vulnerability — SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.
CVE-2019-16278
Nostromo nhttpd Directory Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Nostromo nhttpd Directory Traversal Vulnerability — Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution.
CVE-2019-1652
Cisco Small Business Routers Improper Input Validation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Small Business Routers Improper Input Validation Vulnerability — A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an aff…
CVE-2019-1653
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability — Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed d…
CVE-2019-16759
vBulletin PHP Module Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
vBulletin PHP Module Remote Code Execution Vulnerability — The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVE-2019-16920
D-Link Multiple Routers Command Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
D-Link Multiple Routers Command Injection Vulnerability — Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
CVE-2019-16928
Exim Out-of-bounds Write Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Exim Out-of-bounds Write Vulnerability — Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.
CVE-2019-17026
Mozilla Firefox And Thunderbird Type Confusion Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Mozilla Firefox And Thunderbird Type Confusion Vulnerability — Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
CVE-2019-17558
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability — The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.
CVE-2019-17621
D-Link DIR-859 Router Command Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
D-Link DIR-859 Router Command Execution Vulnerability — D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted H…
CVE-2019-18187
Trend Micro OfficeScan Directory Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Trend Micro OfficeScan Directory Traversal Vulnerability — Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
CVE-2025-25257
Fortinet FortiWeb Unauthenticated SQL Injection Vulnerability (CVE-2025-25257)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet FortiWeb SQL Injection Vulnerability — Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
CVE-2025-26633
Microsoft Windows MMC Security Feature Bypass Vulnerability (CVE-2025-26633)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability — Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-27038
Qualcomm Adreno GPU Use-After-Free in Chrome Graphics Rendering
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Qualcomm Multiple Chipsets Use-After-Free Vulnerability — Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVE-2025-27363
FreeType TrueType GX Font Parsing Out-of-Bounds Write RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
FreeType Out-of-Bounds Write Vulnerability — FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.
CVE-2025-2746
Kentico Xperience CMS Authentication Bypass via Alternate Path
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
CVE-2025-2747
Kentico Xperience CMS Authentication Bypass via Alternate Path
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects.
CVE-2025-2775
SysAid On-Prem XXE Vulnerability in Checkin Processing Enables Admin Takeover
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability — SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read p…
CVE-2025-2776
SysAid On-Prem XXE Vulnerability Enables Admin Account Takeover
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability — SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file rea…
CVE-2025-2783
Google Chromium Mojo Sandbox Escape Vulnerability (CVE-2025-2783)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium Mojo Sandbox Escape Vulnerability — Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web br…
CVE-2025-27915
Zimbra Collaboration Suite XSS in ICS File Processing
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user vi…
CVE-2025-27920
Srimax Output Messenger Directory Traversal Vulnerability (CVE-2025-27920)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Srimax Output Messenger Directory Traversal Vulnerability — Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access…
CVE-2025-29824
Windows CLFS Driver Use-After-Free Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-30066
tj-actions/changed-files GitHub Action Malicious Code Secret Disclosure
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability — tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading GitHub Actions Workflow Logs. These secrets may inc…
CVE-2025-30154
reviewdog/action-setup GitHub Action Malicious Code Secret Exfiltration
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability — reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to GitHub Actions Workflow Logs.
CVE-2025-31125
Vite Dev Server Improper Access Control - Unauthorized File Content Exposure
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Vite Vitejs Improper Access Control Vulnerability — Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or serve…
CVE-2025-31161
CrushFTP HTTP Authorization Header Authentication Bypass (CVE-2025-31161)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
CrushFTP Authentication Bypass Vulnerability — CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to…
CVE-2025-31200
Apple Memory Corruption in Audio Stream Processing - CVE-2025-31200
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Memory Corruption Vulnerability — Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
CVE-2025-32433
Erlang/OTP SSH Server Unauthenticated Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability — Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, pote…
CVE-2025-32463
Sudo Untrusted Control Sphere Inclusion Allows Root Command Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability — Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow a local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands a…
CVE-2025-3248
Langflow Missing Authentication in Code Validation Endpoint RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Langflow Missing Authentication Vulnerability — Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.
CVE-2025-32701
Windows CLFS Driver Use-After-Free Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32706
Windows CLFS Driver Heap Buffer Overflow Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability — Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
CVE-2025-32709
Windows Ancillary Function Driver WinSock Use-After-Free Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability — Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
CVE-2025-32756
Fortinet Products Stack-Based Buffer Overflow RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability — Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP reque…
CVE-2025-33053
Windows Internet Shortcut Remote Code Execution via WebDAV Path Injection
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows External Control of File Name or Path Vulnerability — Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Int…
CVE-2025-33073
Microsoft Windows SMB Client Privilege Escalation via Improper Access Control
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machi…
CVE-2025-49706
Microsoft SharePoint Improper Authentication Spoofing Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft SharePoint Improper Authentication Vulnerability — Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive informati…
CVE-2025-54948
Trend Micro Apex One OS Command Injection - Critical RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Trend Micro Apex One OS Command Injection Vulnerability — Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installatio…
CVE-2025-55177
WhatsApp Linked Device Synchronization Authorization Bypass
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger proc…
CVE-2025-55182
Meta React Server Components RCE Vulnerability - Unauthenticated Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Meta React Server Components Remote Code Execution Vulnerability — Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function e…
CVE-2026-25654
09:48 KSA
HIGH CVSS 8.8 CWE-639
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the abil…
CVE-2026-27668
09:48 KSA
HIGH CVSS 8.8 CWE-266
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and gr…
CVE-2026-32171
06:19 KSA
HIGH CVSS 8.8 CWE-522
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-33120
17:32 KSA
HIGH CVSS 8.8 CWE-822
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-5992
03:48 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2pListFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publ…
CVE-2026-6012
03:48 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be …
CVE-2026-6013
07:54 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from …
CVE-2026-6014
13:55 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remot…
CVE-2026-6015
20:00 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch th…
CVE-2026-6016
20:00 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be init…
CVE-2026-27928
21:54 KSA
HIGH CVSS 8.7 CWE-20
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-34617
17:32 KSA
HIGH CVSS 8.7 CWE-79
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining eleva…
CVE-2026-27305
05:48 KSA
HIGH CVSS 8.6 CWE-22
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files an…
CVE-2026-39942
02:16 KSA
HIGH CVSS 8.5 CWE-284
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite t…
CVE-2026-27306
05:48 KSA
HIGH CVSS 8.4 CWE-20
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction…
CVE-2026-32190
13:16 KSA
HIGH CVSS 8.4 CWE-416
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-33114
17:32 KSA
HIGH CVSS 8.4 CWE-822
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33115
17:32 KSA
HIGH CVSS 8.4 CWE-416
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-4351
03:48 KSA
HIGH CVSS 8.1 CWE-22
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2.5.9. This is due to the `PMCS::action_handler()` method processing the bulk action `activate`/`deactivate` handlers without any authorization …
CVE-2026-27912
21:54 KSA
HIGH CVSS 8.0 CWE-285
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-30814
02:16 KSA
HIGH CVSS 8.0 CWE-121
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash…
CVE-2026-30815
02:16 KSA
HIGH CVSS 8.0 CWE-78
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may …
CVE-2026-30818
02:16 KSA
HIGH CVSS 8.0 CWE-78
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may a…
CVE-2026-33826
17:32 KSA
HIGH CVSS 8.0 CWE-20
Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.
CVE-2026-23657
21:54 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-26143
21:54 KSA
HIGH CVSS 7.8 CWE-20
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-26183
21:54 KSA
HIGH CVSS 7.8 CWE-284
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
CVE-2026-27238
15:49 KSA
HIGH CVSS 7.8 CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-27283
15:49 KSA
HIGH CVSS 7.8 CWE-416
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27284
21:54 KSA
HIGH CVSS 7.8 CWE-125
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the con…
CVE-2026-27287
05:48 KSA
HIGH CVSS 7.8 CWE-125
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of th…
CVE-2026-27289
23:36 KSA
HIGH CVSS 7.8 CWE-125
Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of…
CVE-2026-27291
21:54 KSA
HIGH CVSS 7.8 CWE-787
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi…
CVE-2026-27292
07:48 KSA
HIGH CVSS 7.8 CWE-416
Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27293
07:48 KSA
HIGH CVSS 7.8 CWE-122
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious fi…
CVE-2026-27294
07:48 KSA
HIGH CVSS 7.8 CWE-125
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context o…
CVE-2026-27295
07:48 KSA
HIGH CVSS 7.8 CWE-787
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27296
07:48 KSA
HIGH CVSS 7.8 CWE-191
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
CVE-2026-27297
07:48 KSA
HIGH CVSS 7.8 CWE-191
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
CVE-2026-27298
07:48 KSA
HIGH CVSS 7.8 CWE-843
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th…
CVE-2026-27310
23:36 KSA
HIGH CVSS 7.8 CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27311
23:36 KSA
HIGH CVSS 7.8 CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27312
23:36 KSA
HIGH CVSS 7.8 CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27313
01:41 KSA
HIGH CVSS 7.8 CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-27924
21:54 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-32168
06:19 KSA
HIGH CVSS 7.8 CWE-20
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32184
04:54 KSA
HIGH CVSS 7.8 CWE-502
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
CVE-2026-32189
11:03 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32192
13:16 KSA
HIGH CVSS 7.8 CWE-502
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32197
13:16 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198
17:32 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32199
17:32 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32200
17:32 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-33095
17:32 KSA
HIGH CVSS 7.8 CWE-416
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33825
17:32 KSA
HIGH CVSS 7.8 CWE-1220
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-34618
05:48 KSA
HIGH CVSS 7.8 CWE-787
Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-34627
17:32 KSA
HIGH CVSS 7.8 CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-34628
23:36 KSA
HIGH CVSS 7.8 CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-34629
23:36 KSA
HIGH CVSS 7.8 CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malici…
CVE-2026-34630
05:48 KSA
HIGH CVSS 7.8 CWE-122
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file…
CVE-2026-34631
05:48 KSA
HIGH CVSS 7.8 CWE-787
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-27913
21:54 KSA
HIGH CVSS 7.7 CWE-20
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-34619
05:48 KSA
HIGH CVSS 7.7 CWE-22
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized fil…
CVE-2025-52222
22:16 KSA
HIGH CVSS 7.5 CWE-120
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct,…
CVE-2026-26154
21:54 KSA
HIGH CVSS 7.5 CWE-20
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-26171
21:54 KSA
HIGH CVSS 7.5 CWE-400
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-27282
05:48 KSA
HIGH CVSS 7.5 CWE-20
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this …
CVE-2026-32178
12:19 KSA
HIGH CVSS 7.5 CWE-138
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32203
17:32 KSA
HIGH CVSS 7.5 CWE-20
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVE-2026-3360
03:48 KSA
HIGH CVSS 7.5 CWE-862
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function. The…
CVE-2026-4352
09:48 KSA
HIGH CVSS 7.5 CWE-89
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a SQL query string via `sprintf(…
CVE-2026-24032
09:48 KSA
HIGH CVSS 7.3 CWE-347
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass a…
CVE-2026-6004
03:48 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results in sql injection. It is possible to initiate the attack remotely. The exploit i…
CVE-2026-6024
20:00 KSA
HIGH CVSS 7.3 CWE-22
A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly dis…
CVE-2026-6031
22:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been di…
CVE-2026-6036
22:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. …
CVE-2026-3017
09:48 KSA
HIGH CVSS 7.2 CWE-502
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the import_shortcodes() function. This makes it possi…
CVE-2026-4388
09:48 KSA
HIGH CVSS 7.2 CWE-79
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`sanitize_text_field` strips tag…
CVE-2026-6227
09:48 KSA
HIGH CVSS 7.2 CWE-22
The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences.…
CVE-2026-32188
07:00 KSA
HIGH CVSS 7.1 CWE-125
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-33892
11:48 KSA
HIGH CVSS 7.1 CWE-305
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do …
CVE-2026-34256
05:35 KSA
HIGH CVSS 7.1 CWE-862
Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-character executable ABAP report without authorization. If the overwritten report is su…
CVE-2026-4344
15:49 KSA
HIGH CVSS 7.1 CWE-79
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulner…
CVE-2026-4345
15:49 KSA
HIGH CVSS 7.1 CWE-79
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary co…
CVE-2026-4369
15:49 KSA
HIGH CVSS 7.1 CWE-79
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage thi…
CVE-2026-32080
03:58 KSA
HIGH CVSS 7.0 CWE-416
Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally.
CVE-2026-32195
13:16 KSA
HIGH CVSS 7.0 CWE-121
Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-32224
17:32 KSA
HIGH CVSS 7.0 CWE-416
Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
CVE-2026-37980
Keycloak Stored XSS in Organization Selection Login Page
22:37 KSA
MEDIUM CVSS 6.9 CWE-79
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization…
CVE-2026-32223
00:48 KSA
MEDIUM CVSS 6.8 CWE-122
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-0390
00:48 KSA
MEDIUM CVSS 6.7 CWE-807
Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-32167
00:48 KSA
MEDIUM CVSS 6.7 CWE-89
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32176
00:48 KSA
MEDIUM CVSS 6.7 CWE-89
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-2582
13:57 KSA
MEDIUM CVSS 6.5 CWE-94
The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a va…
CVE-2026-26155
00:48 KSA
MEDIUM CVSS 6.5 CWE-126
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-27677
07:16 KSA
MEDIUM CVSS 6.5 CWE-862
Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and avai…
CVE-2026-27678
07:16 KSA
MEDIUM CVSS 6.5 CWE-862
Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confide…
CVE-2026-27679
07:16 KSA
MEDIUM CVSS 6.5 CWE-862
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confid…
CVE-2026-27925
00:48 KSA
MEDIUM CVSS 6.5 CWE-416
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
CVE-2026-32151
00:48 KSA
MEDIUM CVSS 6.5 CWE-200
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
CVE-2026-32201
00:48 KSA
MEDIUM CVSS 6.5 ⚠ CISA KEV CWE-20
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-34261
09:32 KSA
MEDIUM CVSS 6.5 CWE-862
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability aff…
CVE-2026-34264
09:32 KSA
MEDIUM CVSS 6.5 CWE-204
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensit…
CVE-2026-1607
11:48 KSA
MEDIUM CVSS 6.4 CWE-79
The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th…
CVE-2026-4059
11:48 KSA
MEDIUM CVSS 6.4 CWE-79
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-su…
CVE-2026-27299
07:16 KSA
MEDIUM CVSS 6.3 CWE-20
Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue require…
CVE-2026-34626
00:48 KSA
MEDIUM CVSS 6.3 CWE-1321
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file system read in the context of the current us…
CVE-2026-32072
00:48 KSA
MEDIUM CVSS 6.2 CWE-287
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
CVE-2026-0512
07:16 KSA
MEDIUM CVSS 6.1 CWE-79
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, results in execution of malicious content within the victim's browse…
CVE-2026-21331
00:48 KSA
MEDIUM CVSS 6.1 CWE-79
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the …
CVE-2026-26169
00:48 KSA
MEDIUM CVSS 6.1 CWE-126
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
CVE-2026-27674
07:16 KSA
MEDIUM CVSS 6.1 CWE-94
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affecte…
CVE-2026-32088
00:48 KSA
MEDIUM CVSS 6.1 CWE-362
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-32196
00:48 KSA
MEDIUM CVSS 6.1 CWE-79
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-33822
00:48 KSA
MEDIUM CVSS 6.1 CWE-125
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-34257
09:32 KSA
MEDIUM CVSS 6.1 CWE-601
Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to a page controlled by the attacker. This causes low impact on confidentiality and inte…
CVE-2026-34614
00:48 KSA
MEDIUM CVSS 6.1 CWE-79
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the …
CVE-2026-6203
07:16 KSA
MEDIUM CVSS 6.1 CWE-601
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The `redirect_…
CVE-2026-32226
00:48 KSA
MEDIUM CVSS 5.9 CWE-362
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23653
00:48 KSA
MEDIUM CVSS 5.7 CWE-77
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-23670
00:48 KSA
MEDIUM CVSS 5.7 CWE-822
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2026-20806
00:48 KSA
MEDIUM CVSS 5.5 CWE-843
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
CVE-2026-27222
02:54 KSA
MEDIUM CVSS 5.5 CWE-369
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user in…
CVE-2026-27258
00:48 KSA
MEDIUM CVSS 5.5 CWE-787
DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of…
CVE-2026-27285
00:48 KSA
MEDIUM CVSS 5.5 CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this…
CVE-2026-27286
00:48 KSA
MEDIUM CVSS 5.5 CWE-122
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires …
CVE-2026-27300
07:16 KSA
MEDIUM CVSS 5.5 CWE-824
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction …
CVE-2026-27301
07:16 KSA
MEDIUM CVSS 5.5 CWE-122
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user i…
CVE-2026-27930
00:48 KSA
MEDIUM CVSS 5.5 CWE-125
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-27931
00:48 KSA
MEDIUM CVSS 5.5 CWE-125
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-32079
00:48 KSA
MEDIUM CVSS 5.5 CWE-200
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32081
00:48 KSA
MEDIUM CVSS 5.5 CWE-200
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32084
00:48 KSA
MEDIUM CVSS 5.5 CWE-200
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32085
00:48 KSA
MEDIUM CVSS 5.5 CWE-200
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
CVE-2026-32181
00:48 KSA
MEDIUM CVSS 5.5 CWE-269
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
⚠️ Threat Intelligence
38 threats
rss:Recorded Future
12:51 KSA
HIGH apt
Iran War: Future Scenario and Business Implications
Analysis of potential Iran conflict scenarios and their implications for business operations and cybersecurity posture. Geopolitical tensions with Iran pose significant cyber threats to critical infrastructure …
rss:Dark Reading
03:32 KSA
HIGH ddos
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Organizations must test DDoS defenses during peak operational periods, not just in controlled environments. Testing during high-demand scenarios like tax deadlines ensures networks can wi…
rss:Dark Reading
03:32 KSA
HIGH malware
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
EDR-killer malware using bring-your-own-vulnerable-driver (BYOVD) techniques poses significant challenges to endpoint security. Attackers exploit legitimate but vulnerable drivers to disable securit…
rss:BleepingComputer
03:32 KSA
HIGH malware
Over 100 Chrome extensions in Web Store target users accounts and data
Over 100 malicious Chrome extensions discovered in the official Web Store actively stealing Google OAuth2 Bearer tokens and user credentials. The extensions deploy backdoors and conduct ad fr…
rss:Recorded Future
01:17 KSA
LOW general
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
Recorded Future announces new pricing structure bundling threat intelligence capabilities into four solutions and three tiered plans with unlimited users and integration…
rss:BleepingComputer
01:17 KSA
CRITICAL vulnerability
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Microsoft released April 2026 Patch Tuesday updates addressing 167 security vulnerabilities, including 2 actively exploited zero-day flaws. Organizations using Microsoft products should prioritize i…
rss:Recorded Future
00:16 KSA
HIGH apt
Iran War: Future Scenario and Business Improvements
Analysis of potential Iran conflict scenarios and their implications for business operations and cybersecurity posture. Focuses on geopolitical cyber threats and preparedness strategies for organizations in the…
rss:SecurityWeek
00:16 KSA
CRITICAL vulnerability
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
Microsoft released patches for 161 vulnerabilities including an actively exploited SharePoint zero-day vulnerability. This represents the second-largest Patch Tuesday release by CVE co…
rss:Dark Reading
00:16 KSA
MEDIUM general
Wargame Exercise Demonstrates How Social Media Manipulation Works
Educational wargame 'Capture the Narrative' trained students to create social media bots for election manipulation, demonstrating real-world disinformation tactics. The exercise highlights vulnera…
rss:BleepingComputer
00:16 KSA
HIGH vulnerability
Windows 11 cumulative updates KB5083769 & KB5082052 released
Microsoft released Windows 11 cumulative updates KB5083769 and KB5082052 for versions 25H2/24H2 and 23H2, addressing security vulnerabilities and bugs while adding new features. Organizations shoul…
rss:BleepingComputer
00:16 KSA
HIGH data_breach
McGraw-Hill confirms data breach following extortion threat
Education publisher McGraw-Hill confirmed a data breach where attackers exploited a Salesforce misconfiguration to access internal data. The incident involved extortion threats, highlighting risks of cl…
rss:BleepingComputer
00:16 KSA
CRITICAL vulnerability
Microsoft releases Windows 10 KB5082200 extended security update
Microsoft released Windows 10 KB5082200 extended security update addressing April 2026 Patch Tuesday vulnerabilities, including two actively exploited zero-day vulnerabilities. This critical update…
rss:SecurityWeek
23:13 KSA
CRITICAL vulnerability
Adobe Patches 55 Vulnerabilities Across 11 Products
Adobe released security patches for 55 vulnerabilities across 11 products, with critical ColdFusion vulnerabilities identified as the highest risk for exploitation. Organizations using Adobe products should pri…
rss:The Hacker News
23:13 KSA
HIGH vulnerability
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Two high-severity command injection vulnerabilities discovered in Composer PHP package manager could allow attackers to execute arbitrary commands. The flaws affect Perforce VCS integra…
rss:BleepingComputer
23:13 KSA
CRITICAL malware
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
A fraudulent Ledger Live application distributed through Apple's App Store for macOS successfully stole approximately $9.5 million in cryptocurrency from 50 victims within days. This incident highli…
rss:The Hacker News
21:58 KSA
MEDIUM phishing
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
Cybersecurity researchers discovered a sophisticated ad fraud scheme using AI-generated content and SEO poisoning to inject deceptive news stories into Google Discover feed. The…
rss:BleepingComputer
21:57 KSA
MEDIUM supply_chain
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
Microsoft introduced a fast-track process to restore developer access to Windows Hardware Program accounts after widespread suspensions without warning. This incident highlights supply cha…
rss:The Hacker News
20:54 KSA
MEDIUM vulnerability
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
Google has integrated a Rust-based DNS parser into Pixel 10 modem firmware to enhance device security through memory-safe code. This implementation aims to reduce security vulnerabilities …
rss:BleepingComputer
20:54 KSA
MEDIUM general
5 Ways Zero Trust Maximizes Identity Security
Stolen credentials continue to be a primary attack vector enabling privilege escalation. Zero Trust architecture addresses this by implementing identity-first security controls, enforcing device trust verification, a…
rss:SecurityWeek
19:48 KSA
HIGH general
‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats
AI models like Mythos are dramatically reducing the time between vulnerability discovery and exploitation, creating high-velocity cyberattacks. CISOs have a shrinking window to prepar…
rss:Malwarebytes Lab
18:45 KSA
HIGH malware
Omnistealer uses the blockchain to steal everything it can
Omnistealer is an advanced information-stealing malware that targets password managers, saved credentials, cloud storage accounts, and cryptocurrency wallets. The malware leverages blockchain technology …
rss:SecurityWeek
18:45 KSA
HIGH data_breach
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
Basic-Fit, Europe's largest gym chain, suffered a data breach affecting 1 million members. Hackers stole personal information including names, dates of birth, and bank account details, posing …
rss:SecurityWeek
17:36 KSA
HIGH general
Triad Nexus Evades Sanctions to Fuel Cybercrime
A large-scale cybercrime operation called Triad Nexus exploits major service providers to evade sanctions and prevent infrastructure takedowns. The group's sophisticated evasion tactics allow it to maintain persist…
rss:SecurityWeek
17:36 KSA
CRITICAL vulnerability
SAP Patches Critical ABAP Vulnerability
SAP released 19 security notes addressing vulnerabilities across multiple enterprise products, including a critical flaw in ABAP. Organizations using SAP systems should prioritize patching to prevent potential exploitation…
rss:The Hacker News
17:36 KSA
HIGH malware
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
Mirax Android RAT targets Spanish-speaking users through Meta platform advertisements, compromising over 220,000 accounts across Facebook, Instagram, Messenger, and Threads. The m…
rss:Malwarebytes Lab
16:29 KSA
MEDIUM general
ChatGPT under scrutiny as Florida investigates campus shooting
Investigation reveals AI chatbots may fail to prevent dangerous conversations, raising concerns about AI safety controls and content moderation. Research indicates chatbots don't consistently shut do…
rss:SecurityWeek
16:29 KSA
MEDIUM vulnerability
Google Adds Rust DNS Parser to Pixel Phones for Better Security
Google has integrated a Rust-based DNS parser into Pixel phones to eliminate memory safety vulnerabilities in low-level system components. This proactive security measure addresses an entire class o…
rss:SecurityWeek
16:29 KSA
HIGH data_breach
Nightclub Giant RCI Hospitality Reports Data Breach
RCI Hospitality disclosed in an SEC filing that an Insecure Direct Object Reference (IDOR) vulnerability in RCI Internet Services resulted in unauthorized exposure of contractor data. The vulnerability allowed …
rss:The Hacker News
16:28 KSA
CRITICAL vulnerability
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security analyzed 216 million security findings across 250 organizations, revealing a 400% increase in critical risk despite only 52% growth in total alerts. The surge is at…
rss:SecurityWeek
15:21 KSA
CRITICAL vulnerability
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
Critical vulnerabilities in Windows and Adobe Acrobat are being actively exploited by attackers. These security defects enable privilege escalation and remote arbitrary code execution, posi…
rss:The Hacker News
15:21 KSA
HIGH malware
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Researchers discovered 108 malicious Chrome extensions connected to the same command-and-control infrastructure, designed to steal user data from Google and Telegram accounts.…
rss:The Hacker News
12:18 KSA
CRITICAL vulnerability
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
CISA added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting Fortinet, Microsoft, and Adobe software. The vulnerabilities include SQL inje…
rss:The Hacker News
12:18 KSA
CRITICAL vulnerability
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical remote code execution vulnerability (CVE-2025-0520) in ShowDoc, a popular document management platform in China, is being actively exploited in the wild. The flaw has a CVSS score …
rss:Dark Reading
04:18 KSA
HIGH vulnerability
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
Cloud Security Alliance warns CISOs of an impending 'AI vulnerability storm' following Anthropic's Claude Mythos release. Security experts anticipate increased exploitation attempts targeting AI systems and…
rss:BleepingComputer
04:18 KSA
HIGH data_breach
European Gym giant Basic-Fit data breach affects 1 million members
Dutch fitness company Basic-Fit suffered a data breach exposing personal information of one million customers. The incident demonstrates risks to customer data in the fitness and wellness sector,…
rss:Dark Reading
03:16 KSA
CRITICAL vulnerability
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
Adobe has patched a zero-day vulnerability in Acrobat and Reader that was actively exploited for at least four months using malicious PDF files. The prolonged exploitation period indicates a soph…
rss:BleepingComputer
03:16 KSA
HIGH data_breach
Stolen Rockstar Games analytics data leaked by extortion gang
Rockstar Games experienced a data breach through a security incident at analytics provider Anodot. The ShinyHunters extortion gang has leaked the stolen analytics data on their data leak site, exposin…
rss:BleepingComputer
03:16 KSA
CRITICAL vulnerability
Critical flaw in wolfSSL library enables forged certificate use
A critical vulnerability has been discovered in the wolfSSL SSL/TLS library affecting ECDSA signature verification. The flaw allows improper verification of hash algorithms, potentially enabling att…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Tuesday, April 14, 2026