Briefs
April 2026 (30)
Riaxe Product Customizer WordPress Plugin SQL Injection Vulnerability
2 rules, 1 TTP, 1 CVE
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter within 'product_data' of the `/wp-json/InkXEProductDesignerLite/add-item-to-cart` REST API endpoint, allowing unauthenticated attackers to extract sensitive information from the database.
Riaxe Product Customizer WordPress Plugin Privilege Escalation Vulnerability (CVE-2026-3596)
2 rules, 2 TTPs, 1 CVE
The Riaxe Product Customizer plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated attackers to update arbitrary WordPress options via a publicly accessible AJAX endpoint and escalate privileges to administrator.
Apache ActiveMQ Multiple Vulnerabilities Allow Remote Code Execution
2 rules, 1 TTP
An authenticated remote attacker can exploit multiple vulnerabilities in Apache ActiveMQ to manipulate files or execute arbitrary code.
Openfind MailGates/MailAudit CRLF Injection Vulnerability
2 rules, 1 TTP, 1 CVE
Openfind MailGates/MailAudit is vulnerable to CRLF injection (CVE-2026-6351), enabling unauthenticated remote attackers to read system files by injecting malicious CRLF sequences.
Openfind MailGates/MailAudit Stack-based Buffer Overflow (CVE-2026-6350)
2 rules, 1 TTP, 1 CVE
Openfind MailGates/MailAudit is vulnerable to a stack-based buffer overflow (CVE-2026-6350) allowing unauthenticated remote attackers to execute arbitrary code by controlling the program's execution flow.
Simopro WinMatrix Agent Missing Authentication Vulnerability (CVE-2026-6348)
2 rules, 2 TTPs, 1 CVE
The WinMatrix agent by Simopro Technology suffers from a missing authentication vulnerability (CVE-2026-6348), enabling local authenticated attackers to execute arbitrary code with SYSTEM privileges on the local machine and all hosts within the agent's environment.
Radare2 Command Injection Vulnerability (CVE-2026-41015)
2 rules, 1 TTP, 1 CVE
Radare2 before commit 9236f44, when configured on UNIX without SSL, is vulnerable to command injection via a PDB name passed to rabin2 -PP, potentially allowing arbitrary code execution.
Creolabs Gravity Heap Buffer Overflow Vulnerability (CVE-2026-40504)
2 rules, 3 TTPs, 1 CVE
Creolabs Gravity before 0.9.6 is vulnerable to a heap buffer overflow in the gravity_vm_exec function, allowing attackers to achieve arbitrary code execution by crafting scripts with many string literals at global scope that exploit insufficient bounds checking in gravity_fiber_reassign().
wger Broken Access Control in Global Gym Configuration Update Endpoint
2 rules, 1 TTP
The wger application has a broken access control vulnerability in the global gym configuration update endpoint, allowing low-privileged authenticated users to modify installation-wide configuration settings and escalate privileges.
Luanti 5 Improper Access Control Vulnerability (CVE-2026-40960)
2 rules, 1 TTP, 1 CVE, 1 IOC
Luanti 5 before 5.15.2 allows unintended access to an insecure environment if a crafted mod intercepts requests when secure mods are enabled, potentially leading to unauthorized access and control.
Luanti LuaJIT Sandbox Escape (CVE-2026-40959)
2 rules, 2 TTPs, 1 CVE
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod, potentially leading to arbitrary code execution.
Fastify Proxy Header Stripping Vulnerability
2 rules, 2 TTPs
The `@fastify/reply-from` and `@fastify/http-proxy` libraries process the client's `Connection` header after adding headers, allowing attackers to strip proxy-added headers via the `Connection` header, leading to potential bypass of security controls.
ArgoCD Image Updater Namespace Bypass Vulnerability (CVE-2026-6388)
2 rules, 1 TTP, 1 CVE
CVE-2026-6388 describes a flaw in ArgoCD Image Updater that allows an attacker with permissions to create or modify an ImageUpdater resource in a multi-tenant environment to bypass namespace boundaries and trigger unauthorized image updates.
Barracuda RMM Privilege Escalation via Filesystem ACLs
2 rules, 1 TTP, 1 CVE
Barracuda RMM versions prior to 2025.2.2 are vulnerable to local privilege escalation, allowing attackers to gain SYSTEM privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory.
GIMP GIF Image Buffer Overflow Vulnerability
2 rules, 3 TTPs, 1 CVE
A buffer overflow vulnerability in the GIF image loading component of GIMP allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file, potentially leading to denial of service or arbitrary code execution.
Google Chrome Proxy Use-After-Free Vulnerability (CVE-2026-6297)
2 rules, 1 TTP, 1 CVE
CVE-2026-6297 is a critical use-after-free vulnerability in the Proxy component of Google Chrome before version 147.0.7727.101, enabling a privileged network attacker to potentially achieve sandbox escape via a crafted HTML page.
Fastify Body Schema Validation Bypass via Leading Space in Content-Type Header
2 rules, 1 TTP, 2 CVEs
Fastify v5.x is vulnerable to a body schema validation bypass, allowing attackers to circumvent request body validation by prepending a single space to the Content-Type header, potentially compromising data integrity and security constraints.
Weblate Path Traversal Vulnerability in ZIP Download Feature (CVE-2026-34242)
2 rules, 2 TTPs, 1 CVE
Weblate versions before 5.17 are vulnerable to path traversal due to improper verification of downloaded files in the ZIP download feature, potentially allowing attackers to access files outside the intended repository.
Weblate Project Backup Vulnerability Leads to Potential Remote Code Execution (CVE-2026-33435)
2 rules, 3 TTPs, 1 CVE
Weblate versions before 5.17 are susceptible to remote code execution due to unfiltered Git and Mercurial configuration files in project backups, potentially allowing attackers to execute arbitrary code under specific conditions.
Velociraptor Authentication Bypass via query() Plugin
2 rules, 2 TTPs, 1 CVE
Velociraptor versions prior to 0.76.3 contain an authentication bypass vulnerability in the query() plugin, allowing authenticated users to access data from other organizations within the Velociraptor deployment, potentially leading to unauthorized data access and privilege escalation.
Git for Windows NTLM Hash Leak Vulnerability (CVE-2026-32631)
2 rules, 1 TTP, 1 CVE
Git for Windows versions prior to 2.53.0.windows.3 are vulnerable to NTLM hash theft by attackers who can trick users into cloning malicious repositories or checking out malicious branches, leading to potential credential compromise.
WC Lovers WCFM Marketplace SQL Injection Vulnerability (CVE-2025-63029)
2 rules, 1 TTP, 1 CVE, 1 IOC
An SQL Injection vulnerability, identified as CVE-2025-63029, exists in the WC Lovers WCFM Marketplace WordPress plugin up to version 3.7.1, potentially allowing attackers to execute arbitrary SQL queries.
Splunk MCP Server App Cleartext Credential Exposure (CVE-2026-20205)
2 rules, 1 TTP, 1 CVE
A user with access to the `_internal` index or the `mcp_tool_admin` capability in Splunk MCP Server app versions below 1.0.3 can view user session and authorization tokens in clear text, leading to potential credential compromise.
Windows TCP/IP Race Condition Vulnerability (CVE-2026-33827)
2 rules, 2 TTPs, 1 CVE
CVE-2026-33827 is a race condition vulnerability in Windows TCP/IP that allows an attacker to execute arbitrary code over the network by exploiting improper synchronization during concurrent execution using shared resources.
Windows User Interface Core Race Condition Privilege Escalation (CVE-2026-27911)
2 rules, 1 TTP, 1 CVE, 1 IOC
CVE-2026-27911 is a race condition vulnerability in the Windows User Interface Core that allows a local attacker to elevate privileges due to improper synchronization when accessing shared resources.
Windows WalletService Use-After-Free Privilege Escalation (CVE-2026-32080)
2 rules, 1 TTP, 1 CVE, 1 IOC
CVE-2026-32080 is a use-after-free vulnerability in the Windows WalletService, allowing a locally authorized attacker to elevate privileges.
Windows Win32K GRFX Privilege Escalation via Race Condition (CVE-2026-33104)
2 rules, 1 TTP, 1 CVE, 1 IOC
CVE-2026-33104 is a race condition vulnerability in Windows Win32K - GRFX that allows an authorized local attacker to elevate privileges by exploiting concurrent execution using a shared resource with improper synchronization.
Windows WinSock Race Condition Privilege Escalation (CVE-2026-26173)
2 rules, 1 TTP, 1 CVE
CVE-2026-26173 is a race condition vulnerability in the Windows Ancillary Function Driver for WinSock that allows a local attacker to elevate privileges.
Windows WinSock Use-After-Free Privilege Escalation (CVE-2026-26177)
2 rules, 1 TTP, 1 CVE, 1 IOC
CVE-2026-26177 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock, allowing a local attacker to elevate privileges.
Zarf Path Traversal Vulnerability via Malicious Package Metadata.Name
3 rules, 1 TTP
Zarf is vulnerable to path traversal due to insufficient sanitization of the Metadata.Name field in package manifests when using the `zarf package inspect sbom` or `zarf package inspect documentation` commands, potentially leading to arbitrary file write.