Briefs

CVE-2025-47389 describes a memory corruption vulnerability stemming from a buffer copy operation failure due to an integer overflow during the attestation report generation process, potentially leading to arbitrary code execution.

A memory corruption vulnerability (CVE-2025-47390) exists while preprocessing IOCTL requests in the JPEG driver, potentially leading to local privilege escalation or denial of service.

Twitch Studio version 0.114.8 and prior contains a privilege escalation vulnerability (CVE-2024-14032) that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service, enabling them to overwrite system files and achieve full system compromise.

Detects the execution of headless browsers from suspicious parent processes with arguments indicative of scripted retrieval, bypassing application control policies and restrictions on direct download tools.

A remote command injection vulnerability exists in OFFIS DCMTK version 3.7.0 and earlier due to insufficient input sanitization in the `storescp` application, potentially allowing unauthenticated attackers to execute arbitrary OS commands.

The Media Library Assistant WordPress plugin through version 3.34 is vulnerable to SQL injection, allowing attackers to manipulate database queries.

A vulnerability in the distribution toolkit prior to 3.1.0 allows a malicious upstream registry or man-in-the-middle attacker to redirect authentication requests, potentially exposing upstream credentials.

GLPI versions 10.0.0 before 10.0.24 and 11.0.6 are vulnerable to SQL Injection (CVE-2026-29047) via the logs export feature, allowing authenticated users to potentially execute arbitrary SQL commands.

GLPI versions 11.0.0 to before 11.0.6 are vulnerable to remote code execution (RCE) via template injection by an authenticated administrator, allowing for arbitrary code execution on the server.

GLPI versions 11.0.0 to before 11.0.6 are susceptible to an unauthenticated time-based blind SQL injection vulnerability in the search engine, allowing remote attackers to potentially extract sensitive information.

CVE-2026-25932 is a cross-site scripting vulnerability in GLPI versions 0.60 to before 10.0.24, where an authenticated technician user can store a malicious XSS payload within supplier fields, potentially leading to arbitrary code execution in the context of other users' browsers.

This rule correlates AWS Long-Term Access Key First Seen from Source IP alerts with other open alerts of medium or higher severity that share the same IAM access key ID to prioritize investigation of potentially compromised accounts, helping identify post-compromise activity.

Mattermost Legal Hold plugin versions 1.1.4 and earlier allow authenticated attackers to bypass authorization checks, enabling unauthorized access and modification of legal hold data via crafted API requests.

Detects unusual access to Kubernetes secrets, potentially indicating an attacker attempting to steal sensitive information after gaining initial access to the cluster.

A remote SQL injection vulnerability (CVE-2026-5634) exists in projectworlds Car Rental Project 1.0 via the fname parameter in /book_car.php, allowing unauthenticated attackers to potentially read, modify, or delete database information.

A stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 allows a remote attacker to execute arbitrary code by manipulating the 'GO' argument in the formWrlExtraSet function via the /goform/WrlExtraSet endpoint.

A SQL injection vulnerability exists in code-projects Easy Blog Site 1.0 within the login.php file, exploitable remotely by manipulating the username/password parameters, potentially leading to unauthorized database access.

A SQL injection vulnerability (CVE-2026-5637) exists in projectworlds Car Rental System 1.0's /message_admin.php, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'Message' argument.

A server-side request forgery (SSRF) vulnerability exists in assafelovic gpt-researcher up to version 3.4.3, affecting the ws Endpoint component, allowing a remote attacker to manipulate the source_urls argument and potentially access internal resources or conduct further attacks.

CVE-2026-5632 is an authentication bypass vulnerability in assafelovic gpt-researcher up to version 3.4.3, affecting the HTTP REST API Endpoint and allowing remote attackers to perform actions without proper authorization.

A remote code injection vulnerability exists in assafelovic gpt-researcher versions up to 3.4.3 due to improper handling of the 'args' argument in the extract_command_data function, potentially allowing attackers to execute arbitrary code.

JeecgBoot versions 3.9.0 and 3.9.1 are vulnerable to a remote unauthenticated bypass in the AI Chat Module, specifically affecting the JeecgBizToolsProvider.java file, potentially allowing unauthorized access.

A stack-based buffer overflow vulnerability (CVE-2026-5612) exists in Belkin F9K1015 1.00.10, allowing remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the 'formWlEncrypt' function of the '/goform/formWlEncrypt' file.

A stack-based buffer overflow vulnerability (CVE-2026-5608) exists in the formWlanSetup function of Belkin F9K1122 version 1.00.33, allowing remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the /goform/formWlanSetup file.

A stack-based buffer overflow vulnerability (CVE-2026-5604) in Tenda CH22 1.0.0.1 allows remote attackers to execute arbitrary code by manipulating the 'standard' argument in the formCertLocalPrecreate function of the /goform/CertLocalPrecreate file within the Parameter Handler component.

Kados R10 GreenBee is vulnerable to SQL injection via the id_project parameter, allowing attackers to manipulate database queries to extract sensitive information or modify data.

Kados R10 GreenBee is vulnerable to SQL injection (CVE-2019-25704), allowing attackers to manipulate database queries via the filter_user_mail parameter, potentially leading to data extraction or modification.

Kados R10 GreenBee is vulnerable to SQL injection via the 'id_to_modify' parameter, enabling attackers to manipulate database queries and potentially extract or modify sensitive data.

phpBB is vulnerable to arbitrary file upload (CVE-2019-25685) by exploiting the plupload functionality and phar:// stream wrapper, allowing authenticated attackers to upload crafted zip files containing serialized PHP objects that execute arbitrary code via the imagick parameter.

RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability allowing local attackers to execute arbitrary code by supplying a malicious payload via the Echo Port tab.