CVE-2026-41940
WebPros cPanel & WHM and WP2 (WordPress Squared) — CVE-2026-41940
05:48 KSA
CRITICAL
CVSS 9.8
⚠ CISA KEV
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the co…
CVE-2008-0655
Adobe Acrobat and Reader Silent Printing Design Flaw
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Acrobat and Reader Unspecified Vulnerability — Adobe Acrobat and Reader contain an unspecified vulnerability, described as a design flaw, that could allow a specially crafted file to be printed silently an arbitrary number of times.
CVE-2008-2992
Adobe Reader and Acrobat JavaScript Input Validation RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Reader and Acrobat Input Validation Vulnerability — Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
CVE-2008-3431
Oracle VirtualBox VBoxDrv.sys Input Validation Arbitrary Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle VirtualBox Insufficient Input Validation Vulnerability — An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.
CVE-2009-0556
Microsoft Office PowerPoint Code Injection via OutlineTextRefAtom Memory Corruption
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers m…
CVE-2009-0557
Microsoft Office Excel Object Record Corruption Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office Object Record Corruption Vulnerability — Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
CVE-2009-0563
Microsoft Office Word Buffer Overflow Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office Buffer Overflow Vulnerability — Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
CVE-2009-0927
Adobe Reader/Acrobat Stack-Based Buffer Overflow RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability — Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
CVE-2009-1862
Adobe Acrobat Reader Flash Player Remote Code Execution DoS Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability — Adobe Acrobat and Reader and Adobe Flash Player allow remote attackers to execute code or cause denial-of-service (DoS).
CVE-2010-0188
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability CVE-2010-0188
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability — Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
CVE-2010-0232
Windows Kernel Exception Handler BIOS Call Validation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Kernel Exception Handler Vulnerability — The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.
CVE-2010-0738
JBoss JMX-Console HTTP Method Authentication Bypass Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat JBoss Authentication Bypass Vulnerability — The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET hand…
CVE-2010-0840
Oracle JRE Unspecified Vulnerability Affecting Confidentiality, Integrity, and Availability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle JRE Unspecified Vulnerability — Unspecified vulnerability in the Java Runtime Environment (JRE) in the Java SE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-1297
Adobe Flash Player Memory Corruption Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Memory Corruption Vulnerability — Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
CVE-2010-1428
JBoss Web Console Unauthenticated Access via Alternative HTTP Verbs
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat JBoss Information Disclosure Vulnerability — Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could us…
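Both JBoss entries above (CVE-2010-0738 and CVE-2010-1428) share one root cause: a Servlet `<security-constraint>` that enumerates `<http-method>GET</http-method>` and `<http-method>POST</http-method>` protects only those two verbs, and every other verb (HEAD, PUT, DELETE, OPTIONS, or an arbitrary string) reaches the protected resource unauthenticated. The following check is an added example written for this page, not JBoss code; the `web.xml` fragment it scans is constructed in the style of the jmx-console descriptor and is not copied from any release. It flags verb-limited constraints, shows the container-style decision that lets HEAD through, and shows that clearing the method list (the actual fix: a constraint with no `<http-method>` covers every verb) closes the gap. The url-pattern matcher is a simplified model, not the full Servlet best-match algorithm.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed deployment descriptor in the style of the JBoss jmx-console /
# web-console web.xml (not copied from any JBoss release). The first
# constraint names GET and POST explicitly; the second names no method.
SAMPLE_WEB_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AdminArea</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

Constraint = Dict[str, List[str]]


def _local(tag: str) -> str:
    """Strip the XML namespace so the scan works with or without an xmlns."""
    return tag.rsplit("}", 1)[-1]


def parse_constraints(web_xml: str) -> List[Constraint]:
    """Collect every web-resource-collection under a security-constraint as
    {'url_patterns': [...], 'methods': [...]}. An empty 'methods' list means
    the collection covers every HTTP verb."""
    root = ET.fromstring(web_xml)
    out: List[Constraint] = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            out.append({
                "url_patterns": [(e.text or "").strip() for e in wrc if _local(e.tag) == "url-pattern"],
                "methods": [(e.text or "").strip().upper() for e in wrc if _local(e.tag) == "http-method"],
            })
    return out


def verb_limited(constraints: List[Constraint]) -> List[Constraint]:
    """The finding: a collection that enumerates http-method protects only
    those verbs; HEAD, PUT, DELETE, OPTIONS and made-up verbs are unconstrained."""
    return [c for c in constraints if c["methods"]]


def harden(constraints: List[Constraint]) -> List[Constraint]:
    """The fix applied to the JBoss consoles: drop the http-method list so the
    constraint applies to every verb on the matching url-patterns."""
    return [{"url_patterns": list(c["url_patterns"]), "methods": []} for c in constraints]


def _pattern_matches(pattern: str, path: str) -> bool:
    """Minimal Servlet url-pattern matching: '/*', '/prefix/*', '*.ext', exact."""
    if pattern == "/*":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def requires_auth(constraints: List[Constraint], method: str, path: str) -> bool:
    """Simplified container decision: the request is protected if some
    collection's url-pattern matches and that collection either names no
    methods or names this one. Anything else falls through unauthenticated."""
    for c in constraints:
        if any(_pattern_matches(p, path) for p in c["url_patterns"]):
            if not c["methods"] or method.upper() in c["methods"]:
                return True
    return False


if __name__ == "__main__":
    cs = parse_constraints(SAMPLE_WEB_XML)
    for c in verb_limited(cs):
        print("verb-limited constraint on", c["url_patterns"], "protects only", c["methods"])
    for m in ("GET", "HEAD", "PUT"):
        print(m, "/HtmlAdaptor needs auth:", requires_auth(cs, m, "/HtmlAdaptor"),
              "-> after fix:", requires_auth(harden(cs), m, "/HtmlAdaptor"))
```

Run the scan over every `WEB-INF/web.xml` in a deployment; any hit on a management console is the CVE-2010-0738 / CVE-2010-1428 pattern regardless of product version. If a method really must be excluded, `<http-method-omission>` (Servlet 3.0 and later) expresses that without leaving the remaining verbs open.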
CVE-2010-1871
JBoss Seam 2 Remote Code Execution via Improper Security Manager
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability — JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Securit…
CVE-2010-2568
Windows Shortcut Icon Parsing Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Remote Code Execution Vulnerability — Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerabi…
CVE-2010-2572
Microsoft PowerPoint Remote Code Execution via Buffer Overflow
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft PowerPoint Buffer Overflow Vulnerability — Microsoft PowerPoint contains a buffer overflow vulnerability that allows for remote code execution.
CVE-2010-2861
Adobe ColdFusion Administrator Console Directory Traversal Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe ColdFusion Directory Traversal Vulnerability — A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
CVE-2010-2883
Adobe Acrobat and Reader Stack-Based Buffer Overflow (CVE-2010-2883)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability — Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
CVE-2010-3035
Cisco IOS XR BGP Remote Denial-of-Service Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability — Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
CVE-2010-3333
Microsoft Office RTF Stack-based Buffer Overflow Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office Stack-based Buffer Overflow Vulnerability — A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office that allows an attacker to perform remote code execution.
CVE-2010-3765
Mozilla Firefox/SeaMonkey/Thunderbird JavaScript RCE via Memory Corruption
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mozilla Multiple Products Remote Code Execution Vulnerability — Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::Conten…
CVE-2010-3904
Linux Kernel RDS Protocol Privilege Escalation Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Improper Input Validation Vulnerability — Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system call…
CVE-2010-3962
IE Uninitialized Memory Corruption RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability — Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS…
CVE-2010-4344
Exim Heap-Based Buffer Overflow in string_vformat Function (CVE-2010-4344)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Exim Heap-Based Buffer Overflow Vulnerability — Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
CVE-2010-4345
Exim Privilege Escalation via Alternate Configuration File Directive
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Exim Privilege Escalation Vulnerability — Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
CVE-2010-4398
Windows Kernel RtlQueryRegistryValues Stack Buffer Overflow UAC Bypass
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability — Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
CVE-2010-5326
SAP NetWeaver Invoker Servlet Unauthenticated Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
SAP NetWeaver Remote Code Execution Vulnerability — The SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via an HTTP or HTTPS request.
CVE-2010-5330
Ubiquiti AirOS Command Injection via stainfo.cgi GET Request
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Ubiquiti AirOS Command Injection Vulnerability — Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
CVE-2011-0609
Adobe Flash Player Remote Code Execution and DoS Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Unspecified Vulnerability — Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
CVE-2011-0611
Adobe Flash Player Remote Code Execution Vulnerability CVE-2011-0611
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Remote Code Execution Vulnerability — Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
CVE-2011-1823
Android vold Privilege Escalation via Untrusted PF_NETLINK Messages
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Android OS Privilege Escalation Vulnerability — The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lo…
CVE-2011-1889
Microsoft Forefront TMG Winsock Provider Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Forefront TMG Remote Code Execution Vulnerability — A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
CVE-2011-2005
Microsoft AFD.SYS Kernel Input Validation Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability — afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted applic…
CVE-2011-2462
Adobe Reader/Acrobat U3D Memory Corruption RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability — The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
CVE-2011-3402
Windows Kernel TrueType Font Parsing Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Remote Code Execution Vulnerability — Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Wo…
CVE-2011-3544
Oracle Java SE JRE Applet Rhino Script Engine Arbitrary Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability — An access control vulnerability in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
CVE-2011-4723
D-Link DIR-300 Router Cleartext Password Storage Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability — The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
CVE-2012-0151
Windows Authenticode Signature Verification RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability — The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-as…
CVE-2012-0158
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability — Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
CVE-2012-0391
Apache Struts 2 ExceptionDelegator Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Apache Struts 2 Improper Input Validation Vulnerability — The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
CVE-2012-0507
Oracle Java SE Concurrency Component Type Confusion Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability — An incorrect type vulnerability in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
CVE-2012-0518
Oracle Fusion Middleware SSO Component Integrity Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Fusion Middleware Unspecified Vulnerability — Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.
CVE-2012-0754
Adobe Flash Player Memory Corruption Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Memory Corruption Vulnerability — Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
CVE-2012-0767
Adobe Flash Player XSS Vulnerability - Remote Script Injection
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability — Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
CVE-2012-1535
Adobe Flash Player Arbitrary Code Execution Vulnerability (CVE-2012-1535)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Arbitrary Code Execution Vulnerability — Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
CVE-2012-1710
Oracle Fusion Middleware WebCenter Forms Recognition Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Fusion Middleware Unspecified Vulnerability — Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.
CVE-2012-1723
Oracle Java SE Runtime Environment Arbitrary Code Execution via Hotspot
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…
CVE-2012-1823
PHP-CGI Query String Parameter Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
PHP-CGI Query String Parameter Vulnerability — sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
CVE-2012-1856
Microsoft Office MSCOMCTL.OCX TabStrip ActiveX RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability — The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corr…
CVE-2012-1889
Microsoft XML Core Services Memory Corruption RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft XML Core Services Memory Corruption Vulnerability — Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
CVE-2012-2034
Adobe Flash Player Memory Corruption Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Adobe Flash Player Memory Corruption Vulnerability — Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
CVE-2012-2539
Microsoft Word RTF Remote Code Execution Vulnerability CVE-2012-2539
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Word Remote Code Execution Vulnerability — Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
CVE-2012-3152
Oracle Fusion Middleware Reports Developer Unspecified Remote Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Oracle Fusion Middleware Unspecified Vulnerability — Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.
CVE-2012-4969
Microsoft Internet Explorer Use-After-Free Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Internet Explorer Use-After-Free Vulnerability — Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
CVE-2019-10149
Exim MTA Remote Command Execution via Recipient Address Validation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Exim Mail Transfer Agent (MTA) Improper Input Validation — Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVE-2019-1064
Windows AppX Deployment Service Privilege Escalation via Hard Link Handling
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated co…
CVE-2019-1069
Microsoft Task Scheduler Privilege Escalation Vulnerability (CVE-2019-1069)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Task Scheduler Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
CVE-2019-10758
MongoDB mongo-express RCE via toBSON Method (CVE-2019-10758)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
MongoDB mongo-express Remote Code Execution Vulnerability — mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that use the `toBSON` method.
CVE-2019-11001
Reolink IP Cameras Authenticated OS Command Injection via TestEmail
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Reolink Multiple IP Cameras OS Command Injection Vulnerability — Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality …
CVE-2019-11043
PHP FPM Buffer Overflow Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability — In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.
CVE-2019-1130
Windows AppX Deployment Service Hard Link Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
CVE-2019-1132
Microsoft Win32k Privilege Escalation Vulnerability (CVE-2019-1132)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Win32k Privilege Escalation Vulnerability — A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
CVE-2019-11510
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability — Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
CVE-2019-11539
Ivanti Pulse Connect Secure Command Injection Vulnerability (CVE-2019-11539)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability — Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
CVE-2019-11580
Atlassian Crowd RCE via Enabled Development Plugin
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability — Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.
CVE-2019-11581
Atlassian Jira SSTI Remote Code Execution Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability — Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
CVE-2019-11634
Citrix Workspace Application RCE via Local Drive Access Enforcement
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability — Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local …
CVE-2019-11707
Firefox and Thunderbird Type Confusion in Array.pop RCE
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mozilla Firefox and Thunderbird Type Confusion Vulnerability — Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.
CVE-2019-11708
Mozilla Firefox and Thunderbird Sandbox Escape Remote Code Execution
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability — Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.
CVE-2019-1214
Microsoft Windows CLFS Driver Memory Handling Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Common Log File System (CLFS) Privilege Escalation Vulnerability — The Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory, which can allow for privilege escalation.
CVE-2019-1215
Microsoft Windows Winsock Privilege Escalation Vulnerability (CVE-2019-1215)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevat…
CVE-2019-1253
Windows AppX Deployment Server Privilege Escalation via Junction Handling
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
CVE-2019-1297
Microsoft Excel RCE via Malicious Memory Object Handling
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Excel Remote Code Execution Vulnerability — A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
CVE-2019-12989
Citrix SD-WAN and NetScaler SQL Injection Vulnerability (CVE-2019-12989)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Citrix SD-WAN and NetScaler SQL Injection Vulnerability — Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
CVE-2019-12991
Citrix SD-WAN/NetScaler Authenticated Command Injection (CVE-2019-12991)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Citrix SD-WAN and NetScaler Command Injection Vulnerability — Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
CVE-2019-1315
Windows Error Reporting Manager Hard Link Privilege Escalation
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file…
CVE-2019-1322
Windows Privilege Escalation via Improper Authentication Handling
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Microsoft Windows Privilege Escalation Vulnerability — A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
CVE-2019-13272
Linux Kernel ptrace Privilege Escalation Vulnerability (CVE-2019-13272)
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Linux Kernel Improper Privilege Management Vulnerability — kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access.
CVE-2019-13608
Citrix StoreFront XXE Vulnerability Allows Unauthenticated Information Disclosure
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability — Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.
CVE-2019-1579
Palo Alto Networks PAN-OS GlobalProtect RCE Vulnerability
11:01 KSA
CRITICAL
CVSS 9.0
⚠ CISA KEV
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability — Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.
CVE-2026-41463
ProjeQtor 7.0 through 12.4.3 Plugin Upload ZipSlip Path Traversal
02:18 KSA
HIGH
CVSS 8.8
CWE-22
ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outside the intended extraction directory by crafting ZIP archives with directory tra…
CVE-2026-7080
Tenda F456 1.0.0.5 fromPPTPUserSetting Buffer Overflow via delno Argument
17:54 KSA
HIGH
CVSS 8.8
CWE-119
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The e…
CVE-2026-6389
IBM Turbonomic Excessive Cluster Permissions and Secret Access Vulnerability
08:54 KSA
HIGH
CVSS 8.8
CWE-269
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 (IBM Turbonomic Application Resource Management) grants excessive cluster-wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensi…
CVE-2026-7119
Tenda HG3 2.0 /boaform/formCountrystr OS Command Injection via countrystr Argument
02:18 KSA
HIGH
CVSS 8.8
CWE-77
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may …
CVE-2026-7106
Highland Software Custom Role Manager WordPress Plugin Privilege Escalation (up to 1.0.0)
00:06 KSA
HIGH
CVSS 8.8
CWE-269
The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update act…
CVE-2026-7101
Tenda F456 1.0.0.5 fromWrlclientSet Buffer Overflow
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to th…
CVE-2026-7100
Tenda F456 1.0.0.5 fromNatlimitof Buffer Overflow
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may …
CVE-2026-7099
Tenda F456 1.0.0.5 formQuickIndex Buffer Overflow via mit_linktype Argument
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. …
CVE-2026-7098
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the fil
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The explo…
CVE-2026-7097
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the fi
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The…
CVE-2026-7096
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of
00:06 KSA
HIGH
CVSS 8.8
CWE-77
A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely…
CVE-2026-7082
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The ex…
CVE-2026-7081
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDh
00:06 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The e…
CVE-2026-7079
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSet
13:48 KSA
HIGH
CVSS 8.8
CWE-119
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made av…
CVE-2026-7078
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the fil
05:32 KSA
HIGH
CVSS 8.8
CWE-119
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit h…
CVE-2026-7551
HKUDS OpenHarness /bridge Command Remote Code Execution Vulnerability
08:54 KSA
HIGH
CVSS 8.8
CWE-78
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text …
CVE-2026-6543
IBM Langflow Desktop Code Injection RCE Vulnerability (CVE-2026-6543)
08:54 KSA
HIGH
CVSS 8.8
CWE-94
IBM Langflow Desktop 1.0.0 through 1.8.4 allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on…
CVE-2026-7503
Buffer Overflow in code-projects Plugin 4.1.2cu.5137 setWiFiMultipleConfig Function
08:54 KSA
HIGH
CVSS 8.8
CWE-119
A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. Th…
CVE-2026-7470
Tenda 4G300 Stack Buffer Overflow in SafeMacFilter Function
01:16 KSA
HIGH
CVSS 8.8
CWE-119
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has …
CVE-2026-40912
Traefik StripPrefixRegex Authentication Bypass via Dot-Segment Path
08:54 KSA
HIGH
CVSS 8.2
CWE-706
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The mi…
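The bug class named in the Traefik entry above, as an added example that is not part of this page or of Traefik's code base, and not a reconstruction of the actual CVE-2026-40912 logic: a constructed toy proxy in which a StripPrefixRegex-style middleware and a path-based ForwardAuth decision both work on the raw request path while the upstream server collapses dot segments, so a request containing `..` is judged against one path and served as another. The `/public` prefix, the token value, the routes and the auth policy are all assumptions made for the demo.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed toy, not Traefik's code: a reverse proxy with a StripPrefixRegex-style
# middleware and a ForwardAuth-style path check. The prefix, token and routes are
# assumptions made for the demo.
PREFIX_REGEX = r"^/public"               # prefix the middleware strips (assumed)
ADMIN_TOKEN = "constructed-admin-token"  # constructed credential for the demo


def forward_auth(forwarded_uri: str, headers: dict) -> bool:
    """Toy auth server: anonymous access under /public/, a bearer token elsewhere.
    It judges the URI exactly as forwarded and does no normalization of its own."""
    if forwarded_uri.startswith("/public/"):
        return True
    return headers.get("Authorization") == f"Bearer {ADMIN_TOKEN}"


def strip_prefix_regex(path: str, pattern: str) -> str:
    """Remove the first match of pattern, keeping the result a rooted path."""
    stripped = re.sub(pattern, "", path, count=1)
    return stripped if stripped.startswith("/") else "/" + stripped


def backend(path: str) -> tuple:
    """Toy upstream: collapses dot segments, as HTTP servers generally do, then routes."""
    canonical = posixpath.normpath(path)
    if canonical == "/admin" or canonical.startswith("/admin/"):
        return ("200", "admin-panel")
    return ("200", "public-content")


def vulnerable_proxy(raw_path: str, headers: dict) -> tuple:
    """Auth and prefix stripping both see the raw path; only the backend normalizes
    it, so the three stages can disagree about which resource is requested."""
    if not forward_auth(raw_path, headers):
        return ("401", "unauthorized")
    return backend(strip_prefix_regex(raw_path, PREFIX_REGEX))


def canonicalize(raw_path: str) -> str:
    """Percent-decode once and collapse '.' and '..' segments; keep a trailing slash."""
    decoded = unquote(raw_path)
    canonical = posixpath.normpath(decoded)
    if decoded.endswith("/") and canonical != "/":
        canonical += "/"
    return canonical


def hardened_proxy(raw_path: str, headers: dict) -> tuple:
    """Canonicalize once, up front, and hand the same path to every stage."""
    path = canonicalize(raw_path)
    if not forward_auth(path, headers):
        return ("401", "unauthorized")
    return backend(strip_prefix_regex(path, PREFIX_REGEX))


if __name__ == "__main__":
    attack = "/public/../admin/users"
    print("vulnerable:", vulnerable_proxy(attack, {}))  # admin-panel served anonymously
    print("hardened:  ", hardened_proxy(attack, {}))    # 401
```

The fix that matters is structural rather than a regex tweak: every component that makes a decision about the path (auth, stripping, routing) must see the same canonical form, which in practice means normalizing before the middleware chain runs, or rejecting requests whose path changes under normalization.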
CVE-2026-7399
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege
03:32 KSA
HIGH
CVSS 8.1
CWE-639
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
CVE-2026-7402
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.
This
03:32 KSA
HIGH
CVSS 8.1
CWE-799
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicio
10:32 KSA
HIGH
CVSS 7.8
CWE-20
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead t…
CVE-2026-31787
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix double free via VMA splitting
pri
02:16 KSA
HIGH
CVSS 7.8
CWE-415
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix double free via VMA splitting
privcmd_vm_ops defines .close (privcmd_close), but neither .may_split
nor .open. When userspace does a partial munmap() on a privcmd mapping,
the kernel splits the…
CVE-2026-33451
Secure Access Windows Client Arbitrary Read/Write Privilege Escalation
08:54 KSA
HIGH
CVSS 7.8
CWE-125
CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system.
CVE-2026-5941
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form fiel
02:18 KSA
HIGH
CVSS 7.8
CWE-20
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
CVE-2026-5174
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue
03:32 KSA
HIGH
CVSS 7.7
CWE-20
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation.
This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.
CVE-2026-28136
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS
05:22 KSA
HIGH
CVSS 7.6
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection. This issue affects WP SMS: from n/a through
CVE-2026-31952
Xibo is an open source digital signage platform with a web content management system and Windows display player software
21:48 KSA
HIGH
CVSS 7.6
CWE-89
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticat…
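The pattern behind the Xibo DataSet-filtering entry above and the WP SMS entry before it, as an added example that is not part of this page and is not the code of either project: a "filter rows where column X equals value" API built by string formatting, next to a version that allow-lists the identifier against the table's real schema, maps the operator through a fixed table and binds the value. The point a filtering API makes explicit is that parameter binding alone is not enough, because column names cannot be bound, so they need an allow-list of their own. Table, rows and the token table are constructed for the demo; SQLite stands in for the real database.

```python
import sqlite3

# Constructed demonstration, not Xibo's or WP SMS's code. The table, its rows and the
# api_token table are made up so the injection has something to leak.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE dataset_row (id INTEGER PRIMARY KEY, name TEXT, status TEXT, owner TEXT);
        INSERT INTO dataset_row (name, status, owner) VALUES
            ('lobby-schedule', 'published', 'alice'),
            ('draft-promo',    'draft',     'bob');
        CREATE TABLE api_token (user TEXT, secret TEXT);
        INSERT INTO api_token VALUES ('admin', 'constructed-secret');
    """)
    return conn


def filter_rows_vulnerable(conn, column: str, value: str) -> list:
    """Filter clause assembled from request parameters by string formatting."""
    sql = f"SELECT name FROM dataset_row WHERE {column} = '{value}'"
    return [row[0] for row in conn.execute(sql)]


ALLOWED_OPERATORS = {"eq": "=", "ne": "<>", "like": "LIKE"}


def is_valid_filter(conn, column: str, op: str) -> bool:
    """Identifiers cannot be bound as parameters, so the column must be a real column
    of the target table (read from the schema) and the operator must come from a
    fixed map. Anything else is rejected before any SQL is built."""
    columns = {row[1] for row in conn.execute("PRAGMA table_info(dataset_row)")}
    return column in columns and op in ALLOWED_OPERATORS


def filter_rows_hardened(conn, column: str, value: str, op: str = "eq") -> list:
    """Allow-listed identifier and operator; the value is bound, never interpolated."""
    if not is_valid_filter(conn, column, op):
        raise ValueError(f"rejected filter: column={column!r} op={op!r}")
    sql = f'SELECT name FROM dataset_row WHERE "{column}" {ALLOWED_OPERATORS[op]} ?'
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    payload = "x' UNION SELECT secret FROM api_token -- "
    print("vulnerable:", filter_rows_vulnerable(db, "status", payload))  # leaks the token
    print("hardened:  ", filter_rows_hardened(db, "status", payload))    # []
```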
CVE-2026-33932
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to versio
11:08 KSA
HIGH
CVSS 7.6
CWE-79
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitra…
CVE-2026-34365
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and
21:54 KSA
HIGH
CVSS 7.6
CWE-918
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation module. User-supplied HTML in the e…
CVE-2026-34366
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and
21:54 KSA
HIGH
CVSS 7.6
CWE-918
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Payment receipt PDF generation module. User-supplied HTML i…
CVE-2026-34426
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment varia
03:23 KSA
HIGH
CVSS 7.6
CWE-184
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval s…
CVE-2026-41297
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functi
00:49 KSA
HIGH
CVSS 7.6
CWE-918
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows attackers to access internal resources by following unvalidated redirects. The marketplace.ts module fails to restrict redirect destinations…
CVE-2026-41302
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functi
02:44 KSA
HIGH
CVSS 7.6
CWE-918
OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionality that allows remote attackers to make arbitrary network requests. Attackers can exploit unguarded fetch() calls to access internal resources or interact …
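The failure the two OpenClaw marketplace entries describe, and the check that also applies to the resources a PDF renderer fetches out of user-supplied HTML in the two InvoiceShelf entries above, as an added example that is not part of this page and is not the code of either project: a downloader that validates only the URL it was handed and then follows redirects blindly, beside one that re-validates the destination at every hop. Hostnames, addresses and responses are constructed, so the block runs with no network I/O; the https-only rule and the "globally routable address" policy are assumptions for the demo.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed demonstration, not OpenClaw's marketplace.ts or InvoiceShelf's PDF code.
# All hostnames, addresses and responses below are made up; nothing touches the network.

REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5

# Constructed DNS: the download host resolves to a public address, the CI host to RFC 1918.
DNS = {
    "plugins.example.org": "93.184.216.34",
    "internal-ci.example.org": "10.0.0.5",
}

# Constructed responses keyed by URL: (status, headers, body).
NETWORK = {
    "https://plugins.example.org/download/foo":
        (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/":
        (200, {}, b"constructed-metadata"),
    "https://plugins.example.org/download/bar":
        (302, {"Location": "/files/bar.zip"}, b""),
    "https://plugins.example.org/files/bar.zip":
        (200, {}, b"PK\x03\x04constructed-archive"),
    "https://plugins.example.org/download/baz":
        (302, {"Location": "https://internal-ci.example.org/"}, b""),
    "https://internal-ci.example.org/":
        (200, {}, b"constructed-internal"),
}


def destination_is_safe(url: str) -> bool:
    """https only, and the host must resolve to a globally routable address.
    A host allow-list is stricter where the set of download hosts is known. Resolving
    here and again at connect time leaves a DNS-rebinding gap this toy does not close."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname is None:
        return False
    ip_text = DNS.get(parts.hostname, parts.hostname)  # IP literals resolve to themselves
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unresolvable name
    return ip.is_global


def download(url: str, check_every_hop: bool) -> tuple:
    """Return (True, body) or (False, reason).

    check_every_hop=False validates the initial URL only and then follows redirects
    blindly, the behaviour the OpenClaw entries describe; True re-validates each
    redirect target before requesting it."""
    for hop in range(MAX_REDIRECTS + 1):
        if (hop == 0 or check_every_hop) and not destination_is_safe(url):
            return (False, f"blocked destination at hop {hop}: {url}")
        status, headers, body = NETWORK.get(url, (404, {}, b""))
        if status in REDIRECT_STATUSES:
            url = urljoin(url, headers["Location"])  # Location may be relative
            continue
        if status != 200:
            return (False, f"unexpected status {status}")
        return (True, body)
    return (False, "too many redirects")


if __name__ == "__main__":
    for name in ("foo", "bar", "baz"):
        url = f"https://plugins.example.org/download/{name}"
        print(name, "initial-only:", download(url, False))
        print(name, "every hop:   ", download(url, True))
```

In a real HTTP client the same effect is obtained by disabling automatic redirect following and handling 3xx responses in a loop like the one above, so that the validator sees each Location before the request for it is made.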
CVE-2018-25246
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application
21:54 KSA
HIGH
CVSS 7.5
CWE-306
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an app…
CVE-2018-25294
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the app
18:54 KSA
HIGH
CVSS 7.5
CWE-120
CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condit…
CVE-2019-25552
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submi
11:22 KSA
HIGH
CVSS 7.5
CWE-836
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload proc…
CVE-2019-25560
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by pro
11:22 KSA
HIGH
CVSS 7.5
CWE-226
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song …
CVE-2019-25579
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbit
11:22 KSA
HIGH
CVSS 7.5
CWE-22
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../..…
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials
11:22 KSA
HIGH
CVSS 7.5
CWE-612
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password func…
CVE-2019-25613
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by
11:22 KSA
HIGH
CVSS 7.5
CWE-940
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an …
CVE-2019-25652
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification
03:24 KSA
HIGH
CVSS 7.5
CWE-295
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attacke…
CVE-2019-25654
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplyin
21:26 KSA
HIGH
CVSS 7.5
CWE-787
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to tr…
CVE-2019-25686
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attack
18:17 KSA
HIGH
CVSS 7.5
CWE-306
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigge…
CVE-2019-25706
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom
09:00 KSA
HIGH
CVSS 7.5
CWE-538
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and …
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary
04:01 KSA
HIGH
CVSS 7.5
CWE-22
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and…
CVE-2020-36995
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and…
CVE-2020-37015
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attac
04:01 KSA
HIGH
CVSS 7.5
CWE-22
Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retri…
CVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by
04:01 KSA
HIGH
CVSS 7.5
CWE-22
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuratio…
CVE-2020-37038
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulat
04:01 KSA
HIGH
CVSS 7.5
CWE-770
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
CVE-2020-37039
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversi
04:01 KSA
HIGH
CVSS 7.5
CWE-770
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to …
CVE-2020-37041
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can
04:01 KSA
HIGH
CVSS 7.5
CWE-22
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /stati…
CVE-2020-37085
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by send
04:01 KSA
HIGH
CVSS 7.5
CWE-770
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing th…
CVE-2020-37088
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary file
04:01 KSA
HIGH
CVSS 7.5
CWE-22
School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retriev…
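The directory traversal entries above (phpTransformer, Cassandra Web, Ruijie eWeb, HelloWeb, OpenCTI, School ERP Pro) all come down to a download handler that joins a user-supplied name onto a base directory. As an added example that is not part of this page and is not the code of any of those products, this block shows the vulnerable concatenation together with the common ineffective fix of deleting `../` once, next to a resolver that decodes, normalizes and then checks containment. The base directory is an assumption; the string logic runs without touching the filesystem.

```python
import posixpath
from urllib.parse import unquote

# Constructed demonstration, not the code of any product listed above.
BASE_DIR = "/srv/app/uploads"  # assumed base directory for the demo


def resolve_download_path_vulnerable(base_dir: str, requested: str) -> str:
    """Concatenation plus a one-pass blacklist. '....//' survives the replace as
    '../', so the result (shown as the OS would resolve it) leaves base_dir."""
    filtered = requested.replace("../", "")
    return posixpath.normpath(base_dir + "/" + filtered)


def resolve_download_path(base_dir: str, requested: str):
    """Return the absolute path to serve, or None if the request escapes base_dir.

    Decode (twice, to collapse double encoding such as %252e%252e), reject NUL
    bytes, backslashes and absolute paths, normalize, then check containment.
    Normalizing instead of blacklisting means 'reports/../q2.pdf' is accepted
    because it stays inside the base, while any '..' that climbs out is caught."""
    decoded = requested
    for _ in range(2):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    if "\x00" in decoded or "\\" in decoded or decoded.startswith("/"):
        return None
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if not candidate.startswith(base + "/"):
        return None  # escaped, or resolved to the base directory itself
    # Caveat: on a real filesystem, also realpath() the result so that symlinks
    # under base_dir cannot point outside it; that step needs the filesystem.
    return candidate


if __name__ == "__main__":
    for probe in ("reports/q1.pdf", "reports/../q2.pdf", "../../../../etc/passwd",
                  "..%2f..%2f..%2fetc%2fpasswd",
                  "%252e%252e/%252e%252e/%252e%252e/etc/passwd"):
        print(f"{probe!r:48} -> {resolve_download_path(BASE_DIR, probe)}")
    print("vulnerable:", resolve_download_path_vulnerable(BASE_DIR, "....//....//....//etc/passwd"))
```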
CVE-2020-37092
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to acc
04:01 KSA
HIGH
CVSS 7.5
CWE-798
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to the…
CVE-2020-37093
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve W
04:01 KSA
HIGH
CVSS 7.5
CWE-201
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and…
CVE-2020-37097
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details
04:01 KSA
HIGH
CVSS 7.5
CWE-522
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored …
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database
04:01 KSA
HIGH
CVSS 7.5
CWE-538
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate se…
CVE-2020-37107
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the applic…
CVE-2020-37109
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by ov
04:01 KSA
HIGH
CVSS 7.5
CWE-120
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an applicat…
CVE-2020-37122
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the applica
04:01 KSA
HIGH
CVSS 7.5
CWE-121
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by supplying oversized input that overflows a buffer. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the applica…
CVE-2020-37130
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the reg…
CVE-2020-37133
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allow
04:01 KSA
HIGH
CVSS 7.5
CWE-121
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application cras…
CVE-2020-37134
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by man
04:01 KSA
HIGH
CVSS 7.5
CWE-770
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to trigger an application cra…
CVE-2020-37135
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using
04:01 KSA
HIGH
CVSS 7.5
CWE-798
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
CVE-2020-37136
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers
04:01 KSA
HIGH
CVSS 7.5
CWE-121
ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attem…
CVE-2020-37143
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application
04:01 KSA
HIGH
CVSS 7.5
CWE-770
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and …
CVE-2020-37146
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers
04:01 KSA
HIGH
CVSS 7.5
CWE-306
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, …
CVE-2020-37150
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, w
04:01 KSA
HIGH
CVSS 7.5
CWE-201
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive infor…
CVE-2020-37155
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash th
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an application crash without requir…
CVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrie
04:01 KSA
HIGH
CVSS 7.5
CWE-306
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and …
CVE-2020-37173
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details thr
04:01 KSA
HIGH
CVSS 7.5
CWE-359
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by man…
CVE-2020-37175
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
HIGH
CVSS 7.5
CWE-120
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
CVE-2020-37177
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting
04:01 KSA
HIGH
CVSS 7.5
CWE-121
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash an…
CVE-2020-37178
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling.
04:01 KSA
HIGH
CVSS 7.5
CWE-94
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
CVE-2020-37179
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the applicatio
04:01 KSA
HIGH
CVSS 7.5
CWE-120
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application…
CVE-2020-37180
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
HIGH
CVSS 7.5
CWE-120
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37182
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the ap
04:01 KSA
HIGH
CVSS 7.5
CWE-121
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit an sprintf() call that writes into a fixed-size buffer without length checking to overwrite memory and cause a segmentation fau…
CVE-2020-37185
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by o
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash…
CVE-2020-37187
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers t
04:01 KSA
HIGH
CVSS 7.5
CWE-120
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37188
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers
04:01 KSA
HIGH
CVSS 7.5
CWE-120
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsiv…
CVE-2020-37189
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers t
04:01 KSA
HIGH
CVSS 7.5
CWE-120
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
CVE-2020-37190
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fie…
CVE-2020-37191
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Re…
CVE-2020-37193
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
HIGH
CVSS 7.5
CWE-120
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting…
CVE-2020-37194
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by s
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an applic…
CVE-2020-37195
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attacker
04:01 KSA
HIGH
CVSS 7.5
CWE-120
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37196
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the applicati
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an…
CVE-2020-37197
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the applicati
04:01 KSA
HIGH
CVSS 7.5
CWE-120
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an app…
CVE-2020-37198
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by
04:01 KSA
HIGH
CVSS 7.5
CWE-121
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger …
CVE-2020-37200
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to
04:01 KSA
HIGH
CVSS 7.5
CWE-121
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration key field to trigger an a…
CVE-2022-50992
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet i
03:32 KSA
HIGH
CVSS 7.5
CWE-22
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachme…
CVE-2024-13971
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-
05:36 KSA
HIGH
CVSS 7.5
CWE-611
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
CVE-2024-39847
4D Server SOAP Endpoint XXE Injection - Unauthenticated File Access
08:54 KSA
HIGH
CVSS 7.5
CWE-611
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
CVE-2026-2892
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including
03:32 KSA
HIGH
CVSS 7.5
CWE-285
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned 'o_stripe_data' cookie to determine Stripe product ownership for unauthenticated u…
CVE-2026-33449
Buffer Overflow in Secure Access Client Message Handler (CVE-2026-33449)
08:54 KSA
HIGH
CVSS 7.5
CWE-121
CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a…
CVE-2026-41317
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-
00:06 KSA
HIGH
CVSS 7.5
CWE-352
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). `press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. …
CVE-2026-4503
IBM Langflow Desktop IDOR Vulnerability Allows Unauthorized Image Access
08:54 KSA
HIGH
CVSS 7.5
CWE-639
IBM Langflow Desktop 1.0.0 through 1.8.4 could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
CVE-2026-4708
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9,
18:01 KSA
HIGH
CVSS 7.5
CWE-754
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4709
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR <
18:01 KSA
HIGH
CVSS 7.5
CWE-754
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4712
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Th
18:01 KSA
HIGH
CVSS 7.5
CWE-200
Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4713
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9,
18:01 KSA
HIGH
CVSS 7.5
CWE-754
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4714
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.
18:01 KSA
HIGH
CVSS 7.5
CWE-754
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4719
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 1
18:01 KSA
HIGH
CVSS 7.5
CWE-754
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVE-2026-4726
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
18:01 KSA
HIGH
CVSS 7.5
CWE-400
Denial-of-service in the XML component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVE-2026-4727
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
18:01 KSA
HIGH
CVSS 7.5
CWE-400
Denial-of-service in the Libraries component in NSS. This vulnerability affects Firefox < 149 and Thunderbird < 149.
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amo
03:24 KSA
HIGH
CVSS 7.5
CWE-20
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the …
CVE-2026-5032
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.
19:32 KSA
HIGH
CVSS 7.5
CWE-200
The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which…
CVE-2026-5050
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptog
00:16 KSA
HIGH
CVSS 7.5
CWE-347
The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from…
CVE-2026-5115
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijackin
03:28 KSA
HIGH
CVSS 7.5
CWE-319
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discove…
CVE-2026-5201
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loade
21:26 KSA
HIGH
CVSS 7.5
CWE-122
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user inte…
CVE-2026-5710
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading t
20:43 KSA
HIGH
CVSS 7.5
CWE-22
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST values as the source of truth for em…
CVE-2026-6351
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers
20:00 KSA
HIGH
CVSS 7.5
CWE-93
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
CVE-2026-6947
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticat
09:32 KSA
HIGH
CVSS 7.5
CWE-307
DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, allowing unauthenticated adjacent network attackers to bypass login attempt limits to perform brute-force attacks to gain control over the device.
CVE-2026-6857
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggre
20:51 KSA
HIGH
CVSS 7.5
CWE-502
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows …
CVE-2026-41882
JetBrains IntelliJ IDEA Arbitrary Local File Read via Built-in Web Server
08:54 KSA
HIGH
CVSS 7.4
CWE-59
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server
CVE-2026-7131
SQL Injection in Online Lot Reservation System /loginuser.php
02:18 KSA
HIGH
CVSS 7.3
CWE-74
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to SQL injection. It is possible to initiate the attack remotely.…