📅 Daily Security Digest — Wednesday, June 3, 2026

🇸🇦 Saudi Cyber Daily Digest

All security vulnerabilities, threats, and news aggregated today from trusted sources — continuously updated

Wednesday, June 3, 2026
Summary: 119 CVEs · 42 Threats · 0 News · 3 Critical · 3 CISA KEV
🛡 Security Vulnerabilities (CVE)
119 vulnerabilities
CVE-2022-0492
Linux Kernel cgroups v1 Privilege Escalation via release_agent
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Linux Kernel — CVE-2022-0492 Linux Kernel contains an improper authentication vulnerability which could allow for privilege escalation via the cgroups v1 release_agent feature. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for c…
CVE-2025-48595
Android Framework Integer Overflow Privilege Escalation (CVE-2025-48595)
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Android Framework — CVE-2025-48595 Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cl…
CVE-2026-45247
Mirasvit Full Page Cache Warmer Unauthenticated PHP Deserialization RCE (CVE-2026-45247)
05:16 KSA
CRITICAL CVSS 9.8 ⚠ CISA KEV
Mirasvit Mirasvit Full Page Cache Warmer — CVE-2026-45247 Mirasvit Full Page Cache Warmer contains a deserialization of untrusted data vulnerability that could allow unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the Cac…
CVE-2018-25388
HaPe PKH 1.1 Arbitrary File Upload RCE via Bypass
15:16 KSA
HIGH CVSS 8.8 CWE-434
HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through multiple endpoints including aksi_foto.php, aksi_user.php, and aksi_kecamatan.php t…
CVE-2025-11993
WooCommerce Infinite Scroll Plugin PHP Object Injection via Import Settings
03:16 KSA
HIGH CVSS 8.8 CWE-502
The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'import_settings' function. This is due to deserialization of untrusted data supplied via t…
CVE-2026-10019
Integer Overflow in ANGLE Graphics Library Enables Cross-Origin Data Leak
03:16 KSA
HIGH CVSS 8.8 CWE-472
Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-10062
TRENDnet TEW-432BRP Stack Buffer Overflow in formSetRoute Function
15:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. Manipulation of the argument ip/mask/gateway causes a stack-based buffer overflow. The attack is possible to be carried …
CVE-2026-10063
TRENDnet TEW-432BRP Stack Buffer Overflow in formWPS Function
15:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Manipulation of the argument peerPin leads to a stack-based buffer overflow. The attack may be performed from remote. The exploit is publi…
CVE-2026-10066
Stack Buffer Overflow in Shibby Tomato UPS Service (CVE-2026-10066)
15:16 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to a stack-based buffer overflow. The attack can be initiated remotely. This project is su…
CVE-2026-10067
Shibby Tomato 1.28 Stack-Based Buffer Overflow in multimon.cgi
15:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in a stack-based buffer overflow. The attack can be launched remotely. This project is superseded by FreshTomato. This vulnerability only affects…
CVE-2026-10119
TRENDnet TEW-432BRP Stack Buffer Overflow in MAC Filter Function
21:16 KSA
HIGH CVSS 8.8 CWE-119
A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. Manipulation of the argument filter_name leads to a stack-based buffer overflow. Remote exploitation of the attack is possi…
CVE-2026-10120
TRENDnet TEW-432BRP Stack-Based Buffer Overflow in Firewall Rule Function
21:16 KSA
HIGH CVSS 8.8 CWE-119
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. Manipulation of the argument firewall_name results in a stack-based buffer overflow. The attack can be executed remotel…
CVE-2026-35082
ugw-logread Path Traversal Vulnerability Allows Arbitrary File Access
21:01 KSA
HIGH CVSS 8.8 CWE-22
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
CVE-2026-35083
Stack Buffer Overflow Enables Root-Level Remote Code Execution
21:01 KSA
HIGH CVSS 8.8 CWE-121
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
CVE-2026-35084
Stack Buffer Overflow in dali-devconfig Allows Remote Root Access
21:01 KSA
HIGH CVSS 8.8 CWE-121
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
CVE-2026-35085
Stack Buffer Overflow in gdv-serverconfig Enables Remote Root Access
21:01 KSA
HIGH CVSS 8.8 CWE-121
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
CVE-2026-35674
OpenClaw Gateway Scope Bypass in chat.send Route Enables Privilege Escalation
21:16 KSA
HIGH CVSS 8.8 CWE-863
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliver commands through inherited external routes to bypass operator.approvals and op…
CVE-2026-44238
FreePBX CDR Reports SQL Injection via Order and Sort Parameters
15:16 KSA
HIGH CVSS 8.8 CWE-89
FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administra…
CVE-2026-44239
FreePBX Dashboard Path Traversal RCE via getcontent AJAX Handler
15:16 KSA
HIGH CVSS 8.8 CWE-98
FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include() call with a .class.php suf…
CVE-2026-48557
Spatie Laravel Media Library File Upload Bypass via Double Extension
21:16 KSA
HIGH CVSS 8.8 CWE-184
Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-extension filenames such as shell.php.jpg to bypass the blocklist, with pathinfo() …
CVE-2026-7465
Spectra Gutenberg Blocks RCE via Malicious Block Payload
21:16 KSA
HIGH CVSS 8.8 CWE-269
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute c…
CVE-2026-9887
Chrome Proxy Use-After-Free RCE via Malicious PAC Script
03:16 KSA
HIGH CVSS 8.8 CWE-416
Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical)
CVE-2026-9940
Heap Buffer Overflow in Chrome ANGLE Graphics Library (CVE-2026-9940)
03:16 KSA
HIGH CVSS 8.8 CWE-122
Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-20230
Cisco Unified CM SSRF Vulnerability Allows Unauthenticated Root Privilege Escalation
21:01 KSA
HIGH CVSS 8.6 CWE-918
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected devi…
CVE-2026-44463
Zed Code Editor Terminal Permission Bypass via Environment Variables
09:18 KSA
HIGH CVSS 8.6 CWE-78
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g., PAGER) to execute arbitrary code. This vulnerability is fixed in 0.229.0.
CVE-2018-25383
Free MP3 CD Ripper 2.8 Stack Buffer Overflow in WMA Processing
15:16 KSA
HIGH CVSS 8.4 CWE-121
Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded …
CVE-2026-10012
Chrome Skia Use-After-Free Sandbox Escape Vulnerability
03:16 KSA
HIGH CVSS 8.3 CWE-416
Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-32905
OpenClaw Device-Pair Plugin Authorization Bypass (CVE-2026-32905)
15:16 KSA
HIGH CVSS 8.3 CWE-862
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup cod…
CVE-2026-9877
Use-After-Free in Chrome ANGLE Graphics Library Sandbox Escape
03:16 KSA
HIGH CVSS 8.3 CWE-416
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-9946
Use-After-Free in Chrome ANGLE Graphics Library Sandbox Escape
03:16 KSA
HIGH CVSS 8.3 CWE-416
Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2018-25382
Zechat 1.5 SQL Injection Vulnerability in profile.php uname Parameter
15:16 KSA
HIGH CVSS 8.2 CWE-89
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table…
CVE-2018-25385
SQL Injection in E-Registrasi Pencak Silat 18.10 monitor_nilai.php
15:16 KSA
HIGH CVSS 8.2 CWE-89
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can send GET requests to monitor_nilai.php with crafted SQL payloa…
CVE-2018-25386
SQL Injection Vulnerabilities in HaPe PKH 1.1 Admin Module
15:16 KSA
HIGH CVSS 8.2 CWE-89
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module (module=desa&act=hapus), while authenticat…
CVE-2018-25389
SQL Injection in HaPe PKH 1.1 lap-anggota-kelompok-pdf.php
15:16 KSA
HIGH CVSS 8.2 CWE-89
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php. Attackers can send a crafted request with a time-based …
CVE-2018-25390
SQL Injection in HaPe PKH 1.1 lap-peserta-perdesa-pdf.php desa Parameter
15:16 KSA
HIGH CVSS 8.2 CWE-89
HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php. Attackers can send a crafted request with a time-based blind payl…
CVE-2018-25394
Kados R10 GreenBee Unauthenticated SQL Injection in update_release.php
15:16 KSA
HIGH CVSS 8.2 CWE-89
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The release_id value is concatenated directly into …
CVE-2018-25395
Kados R10 GreenBee Unauthenticated SQL Injection in update_feature.php
15:16 KSA
HIGH CVSS 8.2 CWE-89
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The feature_id value is concatenated directly into …
CVE-2018-25398
SQL Injection in Open ISES Project 3.30A frm_passwd Parameter
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extra…
CVE-2018-25399
SQL Injection in Open ISES Project 3.30A nearby.php Parameter Handling
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_lng parameters. Attackers can send GET requests to nearby.php with crafted SQL payl…
CVE-2018-25400
SQL Injection in Open ISES Project 3.30A ajax/form_post.php
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/form_post.php endpoint with crafted SQL p…
CVE-2018-25401
SQL Injection in Open ISES Project 3.30A sever_graph.php p1 Parameter
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to sever_graph.php with crafted SQL payloads to extract…
CVE-2018-25402
SQL Injection in Open ISES Project 3.30A inc_types_graph.php p1 Parameter
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc_types_graph.php with crafted SQL payloads to ext…
CVE-2018-25403
SQL Injection in Open ISES Project 3.30A city_graph.php Parameter p1
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to city_graph.php with crafted SQL payloads to extract …
CVE-2018-25404
SQL Injection in Open ISES Project 3.30A add_facnote.php
15:16 KSA
HIGH CVSS 8.2 CWE-89
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Attackers can send GET requests to add_facnote.php with crafted SQL payloads to …
CVE-2018-25405
eNdonesia Portal 8.7 Multiple SQL Injection Vulnerabilities in mod.php
21:16 KSA
HIGH CVSS 8.2 CWE-89
eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid paramete…
CVE-2026-9312
GitHub Enterprise Server SSRF Vulnerability via Upload Endpoint
03:16 KSA
HIGH CVSS 8.2 CWE-918
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal cont…
CVE-2026-35076
bac-scanresult Arbitrary File Deletion via Insufficient Input Validation
09:16 KSA
HIGH CVSS 8.1 CWE-73
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35077
ugw-delete-file Arbitrary File Deletion via Insufficient Input Validation
15:03 KSA
HIGH CVSS 8.1 CWE-73
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35078
ugw-logstop Arbitrary File Deletion via Insufficient Input Validation
15:03 KSA
HIGH CVSS 8.1 CWE-73
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35079
ugw-restore Arbitrary File Deletion via Insufficient Input Validation
21:01 KSA
HIGH CVSS 8.1 CWE-73
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35080
ugw-restoreinfo Arbitrary File Deletion via Input Validation Bypass
21:01 KSA
HIGH CVSS 8.1 CWE-73
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
CVE-2026-35081
ugw-logstop Arbitrary Process Termination via Input Validation Bypass
21:01 KSA
HIGH CVSS 8.1 CWE-20
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
CVE-2026-44237
FreePBX OAuth2 Client Credential Validation Bypass (CVE-2026-44237)
15:16 KSA
HIGH CVSS 8.1 CWE-1390
FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php unconditional…
CVE-2026-6075
Media Library Assistant WordPress Plugin CSRF Vulnerability in Bulk Actions
03:16 KSA
HIGH CVSS 8.1 CWE-352
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35. This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attac…
CVE-2025-14773
ABB T-MAC Plus Cross-Site Scripting Vulnerability (CVE-2025-14773)
03:32 KSA
HIGH CVSS 8.0 CWE-79
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.
CVE-2026-35630
OpenClaw QQBot Authorization Bypass in Approval Buttons (CVE-2026-35630)
21:16 KSA
HIGH CVSS 8.0 CWE-862
OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authoriza…
CVE-2026-49367
IntelliJ IDEA Guest Account Command Execution Vulnerability
21:16 KSA
HIGH CVSS 8.0 CWE-862
In JetBrains IntelliJ IDEA before 2026.1.1, command execution was possible via the guest user account.
CVE-2022-49036
Synology Active Backup Recovery Media Creator Arbitrary Code Execution
21:01 KSA
HIGH CVSS 7.8 CWE-829
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors.
CVE-2022-49042
Synology Hyper Backup Explorer Arbitrary Code Execution via Untrusted DLL Loading
21:01 KSA
HIGH CVSS 7.8 CWE-829
An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors.
CVE-2025-41278
Waterfall WF-500 RX Host Out-of-Bounds Read Code Execution
03:16 KSA
HIGH CVSS 7.8 CWE-125
Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host.
CVE-2025-41280
Waterfall WF-500 RX Host Path Traversal Code Execution (Zip Slip)
04:00 KSA
HIGH CVSS 7.8 CWE-23
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is ena…
CVE-2025-41281
Waterfall WF-500 RX Host OS Command Injection Vulnerability (CVE-2025-41281)
09:18 KSA
HIGH CVSS 7.8 CWE-78
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a M…
CVE-2026-45136
Code Injection in claude-code-cache-fix quota-statusline.sh String Interpolation
03:16 KSA
HIGH CVSS 7.8 CWE-78
claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-con…
CVE-2026-46246
Linux Kernel pm8916_lbc Use-After-Free for extcon in IRQ Handler (CVE-2026-46246)
03:18 KSA
HIGH CVSS 7.8 CWE-416
In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the `devm_` variant for allocating/registering the `extcon` handle, means that the `…
CVE-2026-46267
Linux Kernel nfc: hci: shdlc Use-After-Free: Timers and Work Not Stopped Before Freeing Context (CVE-2026-46267)
03:18 KSA
HIGH CVSS 7.8 CWE-416
In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc structure while its timers and state machine work may still be active. Timer call…
CVE-2026-4035
MLflow AI Gateway Environment Variable Injection in Secrets
09:16 KSA
HIGH CVSS 7.7 CWE-201
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the…
CVE-2026-42965
OpenShift Router FQDN EndpointSlice Metadata Disclosure Vulnerability
03:16 KSA
HIGH CVSS 7.7 CWE-918
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests…
CVE-2018-25391
HaPe PKH 1.1 Missing Authorization on Record Deletion Endpoints
15:16 KSA
HIGH CVSS 7.5 CWE-862
HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod_pengurus/aksi_pengurus.php (module=pengurus&act=hap…
CVE-2018-25396
Heatmiser Wifi Thermostat 1.7 Plaintext Credential Disclosure
15:16 KSA
HIGH CVSS 7.5 CWE-256
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attackers can request the networkSetup.htm endpoint and extract plaintext username and…
CVE-2025-41271
Waterfall WF-500 Path Traversal Vulnerability Allows Unauthenticated File Access
03:16 KSA
HIGH CVSS 7.5 CWE-23
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device.
CVE-2026-10073
DreamMaker Arbitrary File Read via Relative Path Traversal
15:16 KSA
HIGH CVSS 7.5 CWE-23
DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2026-41032
Unauthenticated Log File Download in Network Controller
09:16 KSA
HIGH CVSS 7.5 CWE-200
It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.
CVE-2026-44422
FreeRDP RDPEAR NDR Parser Heap Use-After-Free Vulnerability
21:16 KSA
HIGH CVSS 7.5 CWE-415
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is …
CVE-2026-44660
UltraJSON Memory Leak in ujson.dump() File Write Exception Handling
03:16 KSA
HIGH CVSS 7.5 CWE-401
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each fa…
CVE-2026-45017
Python Liquid Path Traversal in FileSystemLoader Prior to 2.2.0
09:18 KSA
HIGH CVSS 7.5 CWE-22
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template author…
CVE-2026-46527
cpp-httplib X-Forwarded-For Null Pointer Dereference DoS
21:16 KSA
HIGH CVSS 7.5 CWE-476
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose valu…
CVE-2026-7459
Simple History Plugin Account Takeover via Insufficient Permission Checks
21:16 KSA
HIGH CVSS 7.5 CWE-640
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints reg…
CVE-2026-8888
Securly Chrome Extension HTTP Config Download with Unvalidated Regex DoS
21:01 KSA
HIGH CVSS 7.5 CWE-917
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtrackin…
CVE-2026-8889
Securly Chrome Extension 3.0.7 Uses Deprecated SHA-1 for URL Blocklist Matching (CVE-2026-8889)
09:16 KSA
HIGH CVSS 7.5 CWE-407
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
CVE-2026-9757
GEO my WP WordPress Plugin SQL Injection via swlatlng/nelatlng Parameters
21:16 KSA
HIGH CVSS 7.5 CWE-89
The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5. The parameters are read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing WordPress's wp_magic_quotes protection, whic…
CVE-2026-46579
OpenShift Router X-SSL-Client Header Injection Authentication Bypass
03:16 KSA
HIGH CVSS 7.4 CWE-287
A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Client-*` headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted `X-SSL-Clie…
CVE-2026-48555
Spatie Laravel Media Library SSRF via addMediaFromUrl Method
21:16 KSA
HIGH CVSS 7.4 CWE-918
Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by passing user-controlled URLs to the addMediaFromUrl() method in InteractsWithMedi…
CVE-2026-10110
SQL Injection in Student Details Management System 1.0 /index.php roll Parameter
21:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is…
CVE-2026-10111
SQL Injection in STUDENT-MANAGEMENT-SYSTEM 1.0 Login Email Parameter
21:16 KSA
HIGH CVSS 7.3 CWE-74
A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and ma…
CVE-2026-10694
Remote File Inclusion in SourceCodester Online Food Ordering System 2.0
09:16 KSA
HIGH CVSS 7.3 CWE-73
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public a…
CVE-2026-10704
SQL Injection in SourceCodester Pizzafy Admin Login Function
09:16 KSA
HIGH CVSS 7.3 CWE-74
A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injec…
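The GEO my WP, Student Details Management System, STUDENT-MANAGEMENT-SYSTEM and Pizzafy entries above are all request parameters concatenated into SQL, two of them on a login form. The block below is an added example in Python with SQLite, not code from any of those projects; the table, the credentials and the SHA-256 demo hash are constructed for illustration (a real system uses a slow KDF). It shows the login bypass against the vulnerable query and the parameterised replacement.

```python
import hashlib
import hmac
import sqlite3


def hash_pw(password):
    # Constructed demo hash; production code uses argon2/bcrypt/scrypt.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory admin table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)")
    conn.execute("INSERT INTO admin (username, password_hash) VALUES (?, ?)",
                 ("admin", hash_pw("s3cret")))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The shape behind the entries above: parameters pasted into the query.
    A quote plus a comment marker in the username removes the password check."""
    sql = (f"SELECT id, username FROM admin WHERE username = '{username}' "
           f"AND password_hash = '{hash_pw(password)}'")
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Parameterised lookup; the hash comparison happens in code, constant-time."""
    row = conn.execute(
        "SELECT id, username, password_hash FROM admin WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None or not hmac.compare_digest(row[2], hash_pw(password)):
        return None
    return row[0], row[1]


def sqli_demo():
    """Same two payloads against both implementations."""
    conn = make_db()
    return {
        "vulnerable_comment": login_vulnerable(conn, "admin' -- ", "wrong"),
        "vulnerable_or":      login_vulnerable(conn, "' OR 1=1 -- ", "wrong"),
        "fixed_comment":      login_fixed(conn, "admin' -- ", "wrong"),
        "fixed_or":           login_fixed(conn, "' OR 1=1 -- ", "wrong"),
        "fixed_valid":        login_fixed(conn, "admin", "s3cret"),
    }
```

In the vulnerable version the username `admin' -- ` turns the statement into `... WHERE username = 'admin' -- ' AND password_hash = '...'`, so everything after the comment marker is discarded and the row is returned without a password. The placeholder version binds the same string as data, so the lookup simply finds no such user.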
CVE-2026-10771
crmeb_java 1.4 SSRF via url Argument in RestTemplateUtil base64 Qrcode Endpoint
09:16 KSA
HIGH CVSS 7.3 CWE-918
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server…
CVE-2025-11262
Link Whisper Free WordPress Plugin Stored XSS via user_id Parameter
03:16 KSA
HIGH CVSS 7.2 CWE-79
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 0.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…
CVE-2025-41265
OS Command Injection in Waterfall WF-500 TX Host Administration WebUI
03:16 KSA
HIGH CVSS 7.2 CWE-78
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitr…
CVE-2025-41266
Waterfall WF-500 TX Host OS Command Injection in Administration WebUI
03:16 KSA
HIGH CVSS 7.2 CWE-78
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitr…
CVE-2025-41267
Waterfall WF-500 TX Host OS Command Injection in Administration WebUI
03:16 KSA
HIGH CVSS 7.2 CWE-78
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitr…
CVE-2025-41279
OS Command Injection in Waterfall WF-500 RX Host Administration WebUI
04:00 KSA
HIGH CVSS 7.2 CWE-78
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitr…
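The four Waterfall WF-500 entries above are all CWE-78 in an administration WebUI. The block below is an added example in Python, not Waterfall's code, and shows the three shapes side by side: the string handed to a shell, the quoted string, and the argv list after validation. It assumes a network-diagnostic form field (a host to ping) and substitutes `echo` for the real tool so it runs offline; the injection mechanics are the same.

```python
import re
import shlex
import subprocess

# Conservative hostname/IPv4 shape; a leading '-' is also refused so the value
# cannot be read as an option by the invoked program (argument injection).
HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")

# echo stands in for ping/traceroute so the example runs without network access.
TOOL = "echo"


def is_valid_host(host):
    return HOST_RE.match(host) is not None


def run_vulnerable(host):
    """CWE-78 shape: the parameter is pasted into a command string and the
    string is given to /bin/sh, which honours ; | && $() and friends."""
    out = subprocess.run(f"{TOOL} {host}", shell=True, capture_output=True, text=True)
    return out.stdout


def run_quoted(host):
    """If a shell is unavoidable, shlex.quote keeps the value a single word."""
    out = subprocess.run(f"{TOOL} {shlex.quote(host)}", shell=True,
                         capture_output=True, text=True)
    return out.stdout


def run_safe(host):
    """Preferred: validate, then pass an argv list with no shell at all."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    out = subprocess.run([TOOL, host], capture_output=True, text=True)
    return out.stdout
```

With the input `8.8.8.8; echo INJECTED` the first function runs two commands, the second prints the whole string as one argument, and the third refuses it before anything is executed. On the devices in these entries the equivalent test is the same payload in the WebUI field, watched from a process listing.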
CVE-2026-10072
DreamMaker Arbitrary File Upload Vulnerability Enables Remote Code Execution
15:16 KSA
HIGH CVSS 7.2 CWE-434
DreamMaker developed by Interinfo has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVE-2018-25392
MaxOn ERP SQL Injection in log_activity Function (CVE-2018-25392)
15:16 KSA
HIGH CVSS 7.1 CWE-89
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity function. Attackers can send POST requests to /index.php/user/log_activity with ma…
CVE-2026-49371
JetBrains TeamCity Reflected XSS in Keyword Filter
21:16 KSA
HIGH CVSS 7.1 CWE-79
In JetBrains TeamCity before 2026.1.1, reflected XSS in the keyword filter was possible.
CVE-2026-49373
JetBrains TeamCity RCE via Perforce Connection Settings
21:16 KSA
HIGH CVSS 7.1 CWE-88
In JetBrains TeamCity before 2026.1, remote code execution was possible via Perforce connection settings.
CVE-2026-0048
Tapjacking/Overlay Permission Approval Bypass in hide of WindowState.java
04:48 KSA
MEDIUM CVSS 6.8 CWE-269
In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-25720
Dräger SC Monitoring Devices Denial of Service via Malformed Network Packet
13:16 KSA
MEDIUM CVSS 6.5 CWE-1286
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send su…
CVE-2026-3870
Zyxel VMG4005-B50B UPnP AddPortMapping() Buffer Overflow Denial of Service
04:48 KSA
MEDIUM CVSS 6.5 CWE-120
A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
CVE-2026-3871
Zyxel VMG4005-B50B UPnP DeletePortMapping() Buffer Overflow Denial of Service
10:00 KSA
MEDIUM CVSS 6.5 CWE-120
A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the affected device.
CVE-2026-2382
FPW Category Thumbnails WordPress Plugin Stored XSS via 'id' Parameter of fpw_fs_get_file AJAX Action
12:00 KSA
MEDIUM CVSS 6.4 CWE-79
The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up to, and including, 1.9.5. This is due to insufficient input sanitization and output escaping. This makes it…
CVE-2026-4080
Easy Cart WordPress Plugin Stored XSS via 'add_to_cart' Shortcode Attributes
16:10 KSA
MEDIUM CVSS 6.4 CWE-79
The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and including 1.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, the ect…
CVE-2026-4081
ZeM STL WordPress Plugin Stored XSS via [zemstl] Shortcode Attributes
16:10 KSA
MEDIUM CVSS 6.4 CWE-79
The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes, specifically the 'url', 'col…
CVE-2026-8885
DeMomentSomTres Shortcodes WordPress Plugin Stored XSS via 'callout' Shortcode Attributes
21:55 KSA
MEDIUM CVSS 6.4 CWE-79
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortco…
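The FPW Category Thumbnails, Easy Cart, ZeM STL and DeMomentSomTres entries above share one root cause: shortcode or AJAX attributes placed into HTML attributes without context-aware escaping. The block below is an added example in Python, not any of those plugins' PHP; the `width`/`align` attribute names mirror the DeMomentSomTres description, the allow-lists are assumptions. It shows why escaping that is adequate for a text node is not adequate inside a quoted attribute.

```python
import html
import re

ALIGN_ALLOWED = {"left", "right", "center"}
CSS_LENGTH = re.compile(r"^\d{1,4}(px|%|em|rem)?$")


def render_callout_vulnerable(width, align, body):
    """Attributes dropped straight into markup: a quote in width ends the
    style attribute early and the rest of the value becomes new attributes."""
    return f'<div class="callout" style="width:{width}" align="{align}">{body}</div>'


def render_callout_naive(width, align, body):
    """html.escape with quote=False handles < > & only. That is fine for text
    between tags but leaves the double quote intact inside an attribute."""
    def e(s):
        return html.escape(s, quote=False)
    return f'<div class="callout" style="width:{e(width)}" align="{e(align)}">{e(body)}</div>'


def render_callout_fixed(width, align, body):
    """Allow-list the attribute values, then escape with quote=True so even an
    unexpected value cannot terminate the attribute it sits in."""
    if not CSS_LENGTH.match(width):
        width = "100%"
    if align not in ALIGN_ALLOWED:
        align = "left"
    return (f'<div class="callout" style="width:{html.escape(width, quote=True)}" '
            f'align="{html.escape(align, quote=True)}">{html.escape(body, quote=True)}</div>')


def breaks_out(markup):
    """Crude detector: an on* event-handler attribute appeared in the output."""
    return re.search(r"\son\w+\s*=", markup) is not None
```

The payload `100px" onmouseover="alert(1)` passes through both the raw and the quote=False variants unchanged and lands as a live event handler; the fixed variant never gets that far because the value fails the length pattern, and even a value that did pass would have its quotes turned into `&quot;`.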
CVE-2026-10581
DedeCMS 5.7.88 SSRF via Link Argument in /plus/download.php
10:00 KSA
MEDIUM CVSS 6.3 CWE-918
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64_decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has b…
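The Spatie Laravel Media Library, crmeb_java and DedeCMS entries above are the same SSRF shape: a user-supplied URL handed to the server's HTTP client. The block below is an added example in Python, not code from any of those projects. It validates a fetch target by scheme, credentials, and every resolved address (including IPv4-mapped IPv6 and a rebinding name that returns one good and one bad answer), and returns the pinned address so the caller connects to what was checked. The blocked ranges and the constructed DNS table are assumptions; the caller must still disable redirects or re-validate each hop.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Explicit list so the result does not depend on which ranges a given Python
# version's ipaddress flags as private (100.64.0.0/10 is the usual gap).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed DNS table so the example runs offline; unknown names are treated
# as literals, which is what a resolver does for an IP address anyway.
FAKE_DNS = {
    "cdn.example": {"203.0.113.10"},
    "rebind.example": {"203.0.113.10", "127.0.0.1"},   # one bad answer poisons the set
}


def fake_resolver(host):
    return FAKE_DNS.get(host, {host})


def system_resolver(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


class UnsafeURL(ValueError):
    pass


def _is_blocked(addr_text):
    try:
        ip = ipaddress.ip_address(addr_text)
    except ValueError:
        return True                                  # unresolvable or garbage
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                          # ::ffff:127.0.0.1 is still loopback
    return (ip.is_unspecified or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved
            or any(ip in net for net in BLOCKED_NETS))


def validate_fetch_target(url, resolver=system_resolver):
    """Return (host, pinned_ip, port) or raise UnsafeURL. The caller connects
    to pinned_ip (sending host in the Host/SNI) so a second DNS lookup cannot
    swap in an internal address after the check."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {scheme!r} not allowed")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        port = parts.port
    except ValueError as exc:
        raise UnsafeURL(str(exc))
    addrs = resolver(host)
    if not addrs:
        raise UnsafeURL("host did not resolve")
    for addr in addrs:
        if _is_blocked(addr):
            raise UnsafeURL(f"{host} resolves to disallowed address {addr}")
    return host, min(addrs), port or (443 if scheme == "https" else 80)


def is_safe_url(url, resolver=system_resolver):
    try:
        validate_fetch_target(url, resolver)
        return True
    except UnsafeURL:
        return False
```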
CVE-2026-10693
SourceCodester Online Boat Reservation System 1.0 Improper Authorization in Administrative Endpoint
13:16 KSA
MEDIUM CVSS 6.3 CWE-266
A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remo…
CVE-2026-10703
EIPStackGroup OpENer Use After Free in CreateMessageRouterRequestStructure (SendRRData Handler)
13:16 KSA
MEDIUM CVSS 6.3 CWE-119
A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the at…
CVE-2026-45283
Nextcloud Server files_lock Missing Ownership Validation on DAV Lock/Unlock Requests
23:36 KSA
MEDIUM CVSS 6.3 CWE-287
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the files_lock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated u…
CVE-2026-0046
Tapjacking/Overlay Permission Acceptance Bypass in InputInterceptor of Letterbox.java
04:48 KSA
MEDIUM CVSS 6.2 CWE-269
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo…
CVE-2026-0055
Path Traversal in createSessionInternal of PackageInstallerService.java Allows DPC Update into Invalid Directory
04:48 KSA
MEDIUM CVSS 6.2 CWE-22
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User …
CVE-2026-1450
rognone WordPress Plugin Reflected XSS via 'mode' Parameter
12:00 KSA
MEDIUM CVSS 6.1 CWE-79
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w…
CVE-2026-1451
rognone WordPress Plugin Reflected XSS via 'a' Parameter
12:00 KSA
MEDIUM CVSS 6.1 CWE-79
The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web …
CVE-2026-20175
Cisco Finesse Arbitrary Remote File Loading into Active User Session
13:16 KSA
MEDIUM CVSS 6.1 CWE-73
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of …
CVE-2026-20233
Cisco Webex Meetings XSS Vulnerability in Web UI
15:12 KSA
MEDIUM CVSS 6.1 CWE-79
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. …
CVE-2026-2425
hiWeb Migration Simple WordPress Plugin Reflected XSS via 'new_domain' Parameter
14:00 KSA
MEDIUM CVSS 6.1 CWE-79
The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated atta…
CVE-2023-52951
Synology Note Station Client Cleartext Transmission of User Credentials
13:16 KSA
MEDIUM CVSS 5.9 CWE-319
A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credentials.
CVE-2026-0075
SQL Injection in Multiple Functions Allows Access to the Contacts Database
04:48 KSA
MEDIUM CVSS 5.9 CWE-89
In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-5085
WP Nano AD WordPress Plugin Stored XSS via 'blogrole_link' Parameter
12:00 KSA
MEDIUM CVSS 5.5 CWE-79
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin…
CVE-2026-26825
libxls 1.6.3 Use-of-Uninitialized Memory in XLS File Parsing
03:32 KSA
MEDIUM CVSS 5.3 CWE-908
A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitize…
⚠️ Threat Intelligence
42 threats
rss:The Hacker News
05:18 KSA
CRITICAL vulnerability
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a critical use-after-free vulnerability (CVE-2026-23479) in its blocking-client code that allows authenticated users to execute arbitrary OS commands on the database host. T…
rss:The Hacker News
04:32 KSA
CRITICAL vulnerability
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A critical vulnerability in Microsoft 365 Android applications stems from a debug flag left enabled in production builds, allowing any installed app to request and obtain user ac…
rss:The Hacker News
04:32 KSA
HIGH malware
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybercriminals are exploiting Google's DoubleClick domain in a malspam campaign to bypass security detection and deliver the DesckVB remote access trojan. The attack leverages the trusted G…
rss:The Hacker News
04:32 KSA
CRITICAL vulnerability
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A critical vulnerability in Google Gemini's voice assistant on Android allows attackers to hijack the system through poisoned notifications from popular messaging apps like WhatsApp, Slack, Sign…
rss:BleepingComputer
04:32 KSA
CRITICAL apt
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA and U.S. government agencies warn of active cyberattacks targeting internet-exposed automatic tank gauge (ATG) systems used in critical infrastructure. These systems monitor fuel and liquid s…
rss:BleepingComputer
04:32 KSA
HIGH ransomware
The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S. Treasury's OFAC has sanctioned Nobitex, Iran's largest cryptocurrency exchange, for facilitating ransomware-related payments and terrorist financing. This action disrupts financial infrastruc…
rss:Dark Reading
02:16 KSA
CRITICAL vulnerability
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
A disabled security setting in Microsoft 365 Android applications (Word, PowerPoint, Excel) has created a critical vulnerability allowing attackers to steal user credentials and sensitive data. T…
rss:Dark Reading
02:16 KSA
HIGH apt
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
China-linked espionage groups have conducted cyber attacks against at least a dozen nations in Latin America, targeting critical infrastructure including maritime shipping and oil production f…
rss:Malwarebytes Lab
01:27 KSA
HIGH phishing
We found this fake-invoice campaign while scammers were still building it
Cybercriminals are conducting a sophisticated phishing campaign using fake invoices impersonating legitimate companies like Amazon and PayPal to deceive victims. The attackers combine frau…
rss:Dark Reading
01:27 KSA
HIGH phishing
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance rates are declining, but insurers are expanding policy exclusions that may leave organizations unprotected against social engineering attacks such as ClickFix. This trend indicates a shift …
rss:BleepingComputer
01:27 KSA
HIGH ddos
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
A new DoS attack called HTTP/2 Bomb can crash web servers from a single machine within seconds by exploiting HTTP/2 protocol vulnerabilities. This attack poses a significant threat to w…
rss:SecurityWeek
00:18 KSA
LOW general
Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform
Coralogix, an observability platform provider, secured $200M in funding at a $1.6B valuation to expand its AI-powered monitoring capabilities. The platform integrates logs, metrics, tra…
rss:BleepingComputer
21:55 KSA
HIGH vulnerability
CISA warns of active attacks exploiting Android, Linux bugs
CISA has issued a warning about active exploitation of vulnerabilities in Linux kernel and Android operating systems by threat actors. Organizations using these platforms should prioritize patching thes…
rss:BleepingComputer
20:26 KSA
HIGH vulnerability
What 345 Days of Untested Exposure Looks Like at a Bank
A two-week penetration test leaves approximately 345 days of real-world exposure unvalidated, highlighting critical security gaps in banking institutions. The article emphasizes that continuous security tes…
rss:Malwarebytes Lab
19:48 KSA
HIGH phishing
Keep getting calls from questionable numbers? Meet Scam Number Check
Scam Number Check is a tool that enables users to verify whether phone numbers have been associated with scams before engaging with them. This defensive utility helps prevent financial fraud an…
rss:SecurityWeek
19:48 KSA
CRITICAL apt
Hackers Target Global Stock Exchange in Espionage Operation
Attackers conducted a prolonged espionage campaign against a global stock exchange, maintaining unauthorized access to a senior executive's email account for 150 days. The breach resulted in significant…
rss:SecurityWeek
19:48 KSA
HIGH vulnerability
Security of 100 AI Agents Tested and Ranked – What You Need to Know
A comprehensive security assessment of 100 AI agents reveals critical vulnerabilities in artificial intelligence systems. The evaluation framework measures compromise susceptibility, breach impa…
rss:SecurityWeek
19:48 KSA
HIGH vulnerability
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
Threat actors are actively exploiting vulnerabilities in Kirki and Burst Statistics WordPress plugins to gain unauthorized access and compromise website integrity. These exploits enable priv…
rss:The Hacker News
19:48 KSA
CRITICAL vulnerability
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Security experts emphasize that organizations must shift from a patch-centric defense model to assuming breach scenarios, as zero-day vulnerabilities continue to emerge faster than pa…
rss:The Hacker News
19:48 KSA
CRITICAL phishing
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Researchers discovered a one-click attack through VS Code that enables attackers to steal GitHub OAuth tokens, granting access to read and write permissions on repositories including priva…
rss:SecurityWeek
18:19 KSA
CRITICAL vulnerability
Organizations Warned of Exploited Linux Kernel Vulnerability
A critical Linux kernel vulnerability with improper authentication allows attackers to escalate privileges and escape container environments. This vulnerability poses significant risk to organizations …
rss:SecurityWeek
18:19 KSA
HIGH data_breach
IMA Diligence Services Data Breach Impacts 525,000 People
A data breach at IMA Diligence Services exposed personal information of 525,000 individuals stored on a legacy server managed by a third party. The incident highlights risks associated with outdated infra…
rss:Dark Reading
18:19 KSA
HIGH vulnerability
Malicious Notifications Could Trick Google Gemini Users
A prompt injection vulnerability in Google Gemini's voice assistant allows attackers to embed malicious commands within notifications, enabling sophisticated social engineering attacks. This flaw could be e…
rss:BleepingComputer
18:19 KSA
CRITICAL vulnerability
Acer working to patch max severity zero-days in Wave 7 routers
Acer is addressing two critical zero-day vulnerabilities in its Wave 7 mesh routers that could allow remote attackers to gain unauthorized access. These maximum-severity flaws pose significant risks …
rss:SecurityWeek
17:15 KSA
CRITICAL ddos
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
A critical vulnerability in HTTP/2 default configurations allows attackers to exploit a combination of compression bomb and Slowloris-style attacks to rapidly disable web servers. This attack chain can …
rss:The Hacker News
17:15 KSA
HIGH vulnerability
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Security researchers have disclosed an unpatched vulnerability in Windows Search URI handler that could allow attackers to steal NTLMv2 hashes from users. This vulnerability follows a …
rss:SecurityWeek
16:19 KSA
HIGH vulnerability
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft faced backlash over threatening legal action against security researchers who publicly disclose zero-day vulnerabilities without prior coordination. The company attempted to …
rss:Dark Reading
16:19 KSA
CRITICAL apt
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor gained prolonged unauthorized access to a senior finance executive's email inbox at a global stock exchange using legitimate Windows tools. This extended access provided the attacker with cont…
rss:The Hacker News
16:19 KSA
CRITICAL ddos
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
A critical remote denial-of-service vulnerability named HTTP/2 Bomb has been discovered affecting major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy,…
rss:BleepingComputer
16:19 KSA
MEDIUM general
Police dismantle 9 crime groups in illegal streaming crackdown
European and international law enforcement dismantled nine organized crime groups and arrested 29 suspects operating illegal streaming services. This operation disrupted criminal infrastructure used…
rss:Malwarebytes Lab
15:32 KSA
HIGH phishing
Infostealers are becoming the go-to phishing payload
Cybercriminals are increasingly adopting infostealer malware as their primary phishing payload due to reduced operational friction, superior scalability, and widespread availability. This shift represents a si…
rss:BleepingComputer
15:32 KSA
HIGH phishing
Google adds Android protection against AI deepfake scam calls
Google is launching a new Android security feature designed to detect and alert users when scammers use AI-generated deepfake technology to impersonate personal contacts during phone calls. This prote…
rss:The Hacker News
14:00 KSA
HIGH malware
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have identified a malware-as-a-service (MaaS) campaign called Weedhack targeting Minecraft players through YouTube to distribute malware capable o…
rss:BleepingComputer
14:00 KSA
CRITICAL vulnerability
VS Code zero-day lets hackers steal GitHub tokens in one click
A zero-day vulnerability in Visual Studio Code allows attackers to steal GitHub authentication tokens through a single-click attack vector. The exploit code has been publicly released, enabling threa…
rss:BleepingComputer
10:32 KSA
HIGH malware
Over 116,000 Minecraft systems infected in WeedHack malware campaign
WeedHack malware campaign has infected over 116,000 systems targeting Minecraft players since January. This large-scale campaign demonstrates the vulnerability of gaming platforms to malware di…
rss:BleepingComputer
05:30 KSA
LOW general
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI is upgrading GPT-5.5 Instant and retiring legacy models including o3. Organizations using deprecated models should plan migration strategies to avoid service disruptions and ensure conti…
rss:BleepingComputer
05:30 KSA
LOW general
Microsoft's Coreutils project brings Linux commands to Windows
Microsoft released Coreutils for Windows, bringing native Linux command-line utilities to Windows systems. This development could expand the attack surface by introducing Unix-based tools that m…
rss:Dark Reading
04:32 KSA
CRITICAL phishing
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
The FBI-flagged phishing-as-a-service platform Kali365 has expanded beyond Microsoft 365 targets to include AWS, Okta, and Russian platforms using device code phishing techniques. This expansion represents a sig…
rss:Dark Reading
04:32 KSA
LOW general
Zoom CISO: AI as Security Enabler, Not Role-Replacer
Zoom's CISO Sandra McLeod discusses leveraging AI-driven security workflows to enhance threat detection and response capabilities on a global communication platform. The article addresses the integration of AI…
rss:BleepingComputer
04:32 KSA
HIGH malware
Over 116,000 Minecraft systems infected in WeedHack malware campaign
The WeedHack malware campaign has infected over 116,000 Minecraft systems since January, targeting gaming users through malicious distribution channels. This widespread campaign poses significan…
rss:BleepingComputer
04:32 KSA
CRITICAL vulnerability
Critical Kirki flaw exploited to hijack WordPress admin accounts
A critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki WordPress plugin is being actively exploited by attackers to hijack administrator and user accounts. Organizations using t…
rss:Dark Reading
03:33 KSA
HIGH malware
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
DriveSurge, a malicious traffic distribution system (TDS), is being used in a large-scale operation to hijack thousands of legitimate websites and redirect visitors to malware delivery sites.…
📰 Cybersecurity News
0 articles
📰 No news aggregated today yet

This digest is updated automatically every day — Last updated: Wednesday, June 3, 2026