Threat Feed

Briefs

April 2026 (30)

critical advisory

Anviz CX2 Lite and CX7 Unauthenticated Remote Code Execution via Unverified Update Packages (CVE-2026-40066)

Anviz CX2 Lite and CX7 devices accept update packages without verifying them, allowing unauthenticated remote code execution when the device unpacks and executes a malicious script contained in the package.

cve-2026-40066 rce iot
critical advisory

Anviz CX2 Lite Authenticated Command Injection Vulnerability (CVE-2026-35682)

Anviz CX2 Lite is vulnerable to an authenticated command injection via the filename parameter, leading to arbitrary command execution and root-level access.

command-injection unauthorized-access iot
high advisory

xrdp Privilege Escalation Vulnerability (CVE-2026-32107)

xrdp versions through 0.10.5 are vulnerable to a privilege escalation flaw (CVE-2026-32107) where improper privilege management during the privilege drop process could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code.

xrdp privilege-escalation cve-2026-32107 linux
critical advisory

OpenViking Authentication Bypass Vulnerability (CVE-2026-40525)

OpenViking versions prior to commit c7bb167 are vulnerable to an authentication bypass that allows remote attackers to invoke privileged bot-control functionality without authentication when the api_key configuration is unset or empty, potentially leading to unauthorized access to downstream systems and data.

CVE-2026-40525 authentication-bypass openviking api
critical advisory

Firebird Database Server Slice Packet Deserialization Buffer Overflow

Firebird versions before 5.0.4, 4.0.7, and 3.0.14 are vulnerable to a buffer overflow in the xdr_datum() function during slice packet deserialization, enabling unauthenticated attackers to cause a crash or potentially achieve arbitrary code execution by sending a malicious packet.

cve-2026-33337 firebird buffer-overflow denial-of-service
medium advisory

Firebird FB3 Client Library Information Leak (CVE-2025-65104)

Firebird FB3 client library incorrectly handles data lengths when communicating with FB4+ servers, leading to an information leak exploitable by a local attacker.

cve-2025-65104 information-leak firebird
high advisory

ByteDance DeerFlow Path Traversal and Arbitrary File Write Vulnerability

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed, allowing attackers to write files outside the intended custom-agent directory.

path-traversal file-write bytedance deerflow
critical advisory

WP Customer Area Plugin Arbitrary File Read and Deletion Vulnerability

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation, allowing authenticated attackers to read sensitive files or delete critical files leading to potential remote code execution.

wordpress plugin file-read file-deletion rce
critical advisory

FlowiseAI File Upload Validation Bypass Leads to RCE

A file upload validation bypass vulnerability exists in FlowiseAI, where the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type, enabling an attacker to upload .js files, store malicious Node.js web shells on the server, and potentially achieve Remote Code Execution (RCE).

flowiseai file-upload rce web-shell
high advisory

Dnsmasq Out-of-Bounds Write Vulnerability (CVE-2026-6507)

A remote attacker can exploit an out-of-bounds write vulnerability (CVE-2026-6507) in dnsmasq by sending a specially crafted BOOTREPLY packet to a server configured with the `--dhcp-split-relay` option, leading to a denial of service.

dnsmasq denial-of-service cve-2026-6507
high advisory

Better Auth OAuth Provider Authorization Bypass Vulnerability

An authorization bypass vulnerability exists in Better Auth's OAuth provider, allowing low-privilege users to create OAuth clients despite configured clientPrivileges, potentially leading to unauthorized client registration and increased phishing risks.

oauth authorization bypass privilege-escalation defense-evasion
critical advisory

Clerk JavaScript SDK Middleware Route Protection Bypass

A vulnerability in `@clerk/nextjs`, `@clerk/nuxt`, and `@clerk/astro` allows crafted requests to bypass middleware gating via `createRouteMatcher`, potentially exposing protected routes if downstream authentication checks are absent.

route-bypass middleware-vulnerability javascript-sdk
critical advisory

Flowise Authenticated Remote Code Execution via MCP Adapter

Flowise versions 3.0.13 and earlier are vulnerable to authenticated arbitrary command execution due to unsafe serialization of stdio commands in the MCP adapter, allowing a malicious user to execute commands on the underlying operating system.

flowise rce command-injection
high advisory

Kyverno ConfigMap Cross-Namespace Read RBAC Bypass (CVE-2026-22039 Incomplete Fix)

The fix for CVE-2026-22039, a cross-namespace privilege escalation in Kyverno's apiCall context, is incomplete: the ConfigMap context loader still lacks namespace validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account, which amounts to a complete RBAC bypass in multi-tenant Kubernetes clusters.

kyverno rbac-bypass kubernetes privilege-escalation
high advisory

ManageEngine PAM360 and Password Manager Pro Authenticated SQL Injection Vulnerability (CVE-2026-5785)

An authenticated SQL injection vulnerability (CVE-2026-5785) in the query report module of Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 allows attackers with low privileges to potentially read or modify sensitive database information.

cve-2026-5785 sqli manageengine pam360 passwordmanagerpro
high advisory

Meridian Library Multiple Defense-in-Depth Gaps

Multiple defense-in-depth gaps exist in Meridian versions prior to 2.1.1, including high severity issues related to bypassing safety caps on collection mapping that can lead to resource exhaustion, along with medium and low severity issues affecting constructor selection, telemetry, retry mechanisms, and exception handling.

defense-in-depth resource-exhaustion information-disclosure dotnet
high advisory

OCaml opam Path Traversal Vulnerability (CVE-2026-41082)

OCaml opam before 2.5.1 is vulnerable to path traversal via a crafted .install file, potentially allowing attackers to overwrite arbitrary files.

path-traversal package-manager ocaml
critical advisory

Paperclip Cross-Tenant Agent API Token Minting Vulnerability

A vulnerability in Paperclip allows any authenticated user to mint agent API tokens for other tenants, leading to unauthorized access and control due to missing company access checks.

paperclip broken-access-control cross-tenant
high advisory

Paperclip Unauthenticated API Access Vulnerability

The Paperclip application suffers from multiple unauthenticated API access vulnerabilities that allow attackers to access sensitive data, gather reconnaissance, and potentially bypass authentication.

paperclip authentication-bypass api-vulnerability
critical threat

Sagredo qmail Remote Code Execution Vulnerability (CVE-2026-41113)

A remote code execution vulnerability exists in Sagredo qmail versions prior to 2026.04.07 due to the use of `popen` in the `notlshosts_auto` function within `qmail-remote.c`, potentially leading to OS command injection.

exploited qmail rce command-injection CVE-2026-41113
high advisory

zrok Unauthenticated Denial-of-Service Vulnerability

An unauthenticated attacker can cause a denial-of-service (DoS) in zrok by sending a crafted HTTP request with a large cookie chunk count to an OAuth-protected proxy share, triggering unbounded memory allocation and leading to process termination.

dos vulnerability zrok CVE-2026-40303
high advisory

Wavlink WL-WN530H4 OS Command Injection Vulnerability

A remote command injection vulnerability exists in the Wavlink WL-WN530H4 router, specifically in the `strcat/snprintf` function of the `/cgi-bin/internet.cgi` file, allowing attackers to execute arbitrary OS commands.

command-injection router cve-2026-6483
high advisory

Dell PowerProtect Data Domain Improper Certificate Validation Vulnerability

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.60, contain an improper certificate validation vulnerability in certificate-based login, potentially leading to privilege escalation.

privilege-escalation vulnerability dell
high advisory

Dell Storage Manager Local Privilege Escalation Vulnerability

A local attacker can exploit a vulnerability in Dell Storage Manager to escalate their privileges on the system.

privilege-escalation dell storage manager
critical advisory

Critical Certificate Validation Vulnerability in CISCO Webex Allows User Impersonation

A critical improper certificate validation vulnerability in CISCO Webex versions 39.6 - 45.4 (CVE-2026-20184) allows a remote, unprivileged attacker to impersonate users, gain unauthorized access, and join meetings without authorization, potentially impacting confidentiality, integrity, and availability.

cisco webex sso certificate-validation user-impersonation cve-2026-20184 cloud
high advisory

Dell PowerProtect Data Domain BoostFS Credential Exposure Vulnerability (CVE-2025-36568)

Dell PowerProtect Data Domain BoostFS versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 are vulnerable to an insufficiently protected credentials vulnerability, allowing a low-privileged attacker with local access to expose credentials and potentially gain elevated privileges.

credential-exposure dell powerprotect CVE-2025-36568
critical advisory

Dell PowerProtect Data Domain Command Injection Vulnerability (CVE-2026-23778)

A command injection vulnerability in Dell PowerProtect Data Domain (CVE-2026-23778) could allow a remote, high-privileged attacker to gain root-level access.

cve-2026-23778 command-injection dell powerprotect
critical advisory

Multiple Critical Vulnerabilities in CISCO ISE Leading to Remote Code Execution

Multiple critical vulnerabilities in CISCO ISE (CVE-2026-20186, CVE-2026-20147, CVE-2026-20180) allow remote attackers with low privileges to execute arbitrary commands, potentially escalating privileges to root and causing denial-of-service.

cisco-ise rce command-injection path-traversal
critical advisory

JetBrains YouTrack RCE via Sandbox Bypass (CVE-2026-33392)

A highly privileged user can achieve remote code execution via a sandbox bypass (CVE-2026-33392) in JetBrains YouTrack before version 2025.3.131383, potentially leading to complete system compromise.

cve-2026-33392 rce jetbrains youtrack sandbox-bypass
high advisory

Dell PowerProtect Data Domain Weak Credentials Vulnerability (CVE-2026-23853)

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 contains a weak-credentials vulnerability (CVE-2026-23853) that can lead to unauthorized access by a local attacker.

cve-2026-23853 dell powerprotect data domain weak credentials