Briefs

Two authentication bypass vulnerabilities in MinIO allow writing arbitrary objects to any bucket with only a valid access key, without the secret key or valid signature, impacting all MinIO deployments.

A prompt injection vulnerability in Coinbase AgentKit allows for potential wallet drain, infinite approvals, and agent-level remote code execution.

ImageMagick versions prior to 7.1.2-19 and 6.9.13-44 are susceptible to a denial-of-service (DoS) attack due to unbounded recursion during XML parsing, potentially leading to stack exhaustion.

A malicious actor with access to the UniFi Play network can exploit improper input validation vulnerabilities (CVE-2026-22563) in UniFi Play PowerAmp and Audio Port to inject commands, potentially leading to arbitrary code execution.

CVE-2026-22564 is an improper access control vulnerability in UniFi Play PowerAmp and Audio Port devices that allows an attacker with network access to enable SSH and make unauthorized system changes.

An improper access control vulnerability in UniFi Play PowerAmp and Audio Port allows a malicious actor with access to the UniFi Play network to obtain WiFi credentials.

ImageMagick versions before 7.1.2-19 and 6.9.13-44 are vulnerable to a heap buffer overflow in the MVG decoder, potentially leading to an out-of-bounds write when processing a crafted image, which can result in denial of service or arbitrary code execution.

Adobe patched CVE-2026-34621, a zero-day vulnerability in Acrobat and Reader exploited since December, allowing malicious PDFs to bypass sandboxes and execute arbitrary code, potentially leading to local file theft.

A remote SQL injection vulnerability exists in code-projects Simple Content Management System 1.0, specifically affecting the /web/admin/login.php file where manipulation of the 'User' argument allows unauthenticated attackers to execute arbitrary SQL queries.

An anonymous, remote attacker can exploit a vulnerability in VMware Tanzu Spring Cloud Gateway to bypass security measures, potentially gaining unauthorized access or control.

A remote attacker can exploit an SQL injection vulnerability (CVE-2026-6167) in the code-projects Faculty Management System 1.0 by manipulating the ID argument in the /subject-print.php file, potentially leading to data exfiltration or modification.

A stack-based buffer overflow vulnerability (CVE-2026-6168) exists in TOTOLINK A7000R devices up to version 9.1.0u.6115, allowing remote attackers to execute arbitrary code via a crafted ssid5g argument to the setWiFiEasyGuestCfg function in /cgi-bin/cstecgi.cgi.

CVE-2026-40436 is a vulnerability in the ZTE ZXEDM iEMS product that allows attackers to reset user passwords due to improper access control on the user list acquisition function within the cloud EMS portal, potentially leading to unauthorized operations and system compromise.

A remote attacker can exploit an SQL injection vulnerability (CVE-2026-6165) in code-projects Vehicle Showroom Management System 1.0 by manipulating the ID parameter in /util/Login_check.php, potentially leading to unauthorized data access and modification.

A remote SQL injection vulnerability (CVE-2026-6163) exists in code-projects Lost and Found Thing Management 1.0 via manipulation of the 'cat' parameter in /catageory.php, potentially allowing attackers to read, modify, or delete database information.

CVE-2026-25207 is an out-of-bounds write vulnerability in Samsung Open Source Escargot that allows for buffer overflows, potentially leading to arbitrary code execution.

CVE-2026-6161 is an unauthenticated SQL injection vulnerability in the Simple ChatBox application (<= 1.0) that can be exploited by sending a crafted HTTP request to `/chatbox/insert.php`.

A heap-based buffer overflow vulnerability in Samsung Open Source Escargot (CVE-2026-25205) allows for out-of-bounds write operations, potentially leading to arbitrary code execution.

A remote buffer overflow vulnerability exists in the Totolink A800R router version 4.1.2cu.5137_B20200730, allowing unauthenticated attackers to potentially execute arbitrary code by overflowing the apcliSsid argument in the setAppEasyWizardConfig function within the /lib/cste_modules/app.so library.

A use-after-free vulnerability, tracked as CVE-2026-34856, exists in Huawei's communication module due to improper synchronization in concurrent execution, potentially leading to a denial-of-service condition.

CVE-2026-6129 is a critical vulnerability in zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4, allowing remote attackers to bypass authentication via manipulation of the Agent Mode Service.

An out-of-bounds write vulnerability exists in Mesa versions before 25.3.6 and 26 before 26.0.1 due to an untrusted allocation size in WebGPU, potentially leading to code execution.

Dolibarr ERP-CRM 8.0.4 is vulnerable to SQL injection via the rowid parameter in the admin dict.php endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive database information.

MyT-PM 1.5.1 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries via the Charge[group_total] parameter.

Across DR-810 routers are vulnerable to unauthenticated file disclosure, allowing remote attackers to download the rom-0 backup file containing sensitive information, such as router passwords and configuration data, via a simple GET request to the rom-0 endpoint.

eBrigade ERP 4.5 is vulnerable to SQL injection via the 'id' parameter in pdf.php, allowing authenticated attackers to execute arbitrary SQL queries and extract sensitive database information.

ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability allowing authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter via POST requests to the admin.php endpoint.

CMSsite 1.0 is vulnerable to unauthenticated SQL injection (CVE-2019-25697) via the cat_id parameter in category.php, allowing attackers to extract sensitive database information.

Easy Video to iPod Converter 1.6.20 is vulnerable to a local buffer overflow in the user registration field, allowing a local attacker to overwrite the structured exception handler (SEH) by providing a crafted payload exceeding 996 bytes in the username field, potentially leading to arbitrary code execution with user privileges.

RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation, leading to arbitrary code execution.