March 2026 (30)
CVE-2026-4690: Mozilla Firefox, Firefox ESR, and Thunderbird XPCOM Sandbox Escape
2 rules 1 TTP
A sandbox escape vulnerability, identified as CVE-2026-4690, exists in the XPCOM component of Mozilla Firefox, Firefox ESR, and Thunderbird due to incorrect boundary conditions and an integer overflow, potentially allowing an attacker to execute arbitrary code outside the sandbox.
Firefox and Thunderbird Sandbox Escape Vulnerability (CVE-2026-4687)
2 rules 2 TTPs
CVE-2026-4687 is a sandbox escape vulnerability in Firefox and Thunderbird due to incorrect boundary conditions in the Telemetry component, potentially allowing an attacker to execute arbitrary code outside the sandbox.
Multiple Vulnerabilities in CPython Allow Remote Code Execution
2 rules 1 TTP
A remote, authenticated attacker can exploit multiple vulnerabilities in CPython to manipulate files or execute arbitrary code.
Oracle MySQL Multiple Vulnerabilities
2 rules 1 TTP
A remote attacker, either anonymous or authenticated, can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.
GNU libc Vulnerability Allows Local Code Execution
2 rules 1 TTP
A local attacker can exploit a vulnerability in GNU libc to execute arbitrary program code on Linux systems.
libpng Vulnerability Allows Code Execution
2 rules 4 TTPs
A vulnerability in libpng allows a remote, anonymous attacker to potentially execute arbitrary code, disclose sensitive information, or cause a denial-of-service condition.
Citrix Systems NetScaler Vulnerabilities Allow Information Disclosure and Session Hijacking
2 rules 2 TTPs
An anonymous or authenticated remote attacker can exploit multiple vulnerabilities in Citrix Systems NetScaler to disclose information and take over a user session.
PhreeBooks ERP 5.2.3 Remote Code Execution Vulnerability
2 rules 3 TTPs
PhreeBooks ERP 5.2.3 is vulnerable to remote code execution, allowing authenticated attackers to upload and execute arbitrary PHP files via the image manager, leading to reverse shell connections and system command execution.
Tabs Mail Carrier 2.5.1 MAIL FROM Buffer Overflow Vulnerability
2 rules 1 TTP
Tabs Mail Carrier 2.5.1 is vulnerable to a buffer overflow in the MAIL FROM SMTP command, allowing remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer to overwrite the EIP register and execute a bind shell payload via port 25.
Bootstrapy CMS Unauthenticated SQL Injection Vulnerabilities
3 rules 1 TTP
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters to extract sensitive database information or cause denial of service.
eNdonesia Portal v8.7 SQL Injection Vulnerability
2 rules 1 TTP
eNdonesia Portal v8.7 is vulnerable to SQL injection allowing unauthenticated attackers to execute arbitrary SQL queries via the bid parameter in banners.php, potentially leading to sensitive data extraction.
Netartmedia Vlog System SQL Injection Vulnerability
2 rules 1 TTP 1 IOC
Netartmedia Vlog System is vulnerable to SQL injection, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter in the forgotten_password module.
Inout Article Base CMS SQL Injection Vulnerability (CVE-2019-25640)
2 rules 1 TTP
Inout Article Base CMS is vulnerable to SQL injection, allowing unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters via XOR-based payloads in GET requests to portalLogin.php, potentially leading to sensitive information extraction or denial-of-service.
Base64 Decoder 1.1.2 Stack-Based Buffer Overflow (CVE-2019-25634)
2 rules 2 TTPs
Base64 Decoder 1.1.2 is vulnerable to a stack-based buffer overflow (CVE-2019-25634) allowing local attackers to achieve arbitrary code execution via a crafted input file that triggers an SEH overwrite.
Meeplace Business Review Script SQL Injection Vulnerability (CVE-2019-25638)
2 rules 1 TTP
Meeplace Business Review Script is vulnerable to SQL injection via the 'id' parameter in the addclick.php endpoint, allowing unauthenticated attackers to execute arbitrary SQL queries and potentially extract sensitive database information or cause a denial of service.
X-NetStat Pro 5.63 Local Buffer Overflow Vulnerability
2 rules 1 TTP
X-NetStat Pro 5.63 contains a local buffer overflow vulnerability (CVE-2019-25637) allowing local attackers to execute arbitrary code by overwriting the EIP register.
Zeeways Jobsite CMS SQL Injection Vulnerability (CVE-2019-25636)
2 rules 1 TTP
Zeeways Jobsite CMS is vulnerable to SQL injection, allowing unauthenticated attackers to inject SQL code through the 'id' GET parameter in crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php to extract sensitive database information.
Zeeways Matrimony CMS Unauthenticated SQL Injection Vulnerability
2 rules 1 TTP 1 IOC
Zeeways Matrimony CMS is vulnerable to SQL injection via the profile_list endpoint, where an unauthenticated attacker can inject SQL code via the up_cast, s_mother, and s_religion parameters, potentially allowing them to extract sensitive information.
AIDA64 Business SEH Buffer Overflow Vulnerability (CVE-2019-25631)
2 rules 3 TTPs
AIDA64 Business 5.99.4900 is vulnerable to a local Structured Exception Handling (SEH) buffer overflow (CVE-2019-25631) allowing attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode.
PhreeBooks ERP 5.2.3 Arbitrary File Upload Vulnerability
2 rules 2 TTPs
PhreeBooks ERP 5.2.3 is vulnerable to arbitrary file upload in the Image Manager component, allowing authenticated attackers to upload malicious PHP files leading to remote code execution.
AIDA64 Extreme 5.99.4900 Structured Exception Handler Buffer Overflow
2 rules 1 TTP 1 IOC
AIDA64 Extreme 5.99.4900 is vulnerable to a structured exception handler buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious CSV log file path through the Hardware Monitoring logging preferences.
Download Accelerator Plus (DAP) SEH Buffer Overflow Vulnerability
2 rules 1 TTP 2 IOCs
Download Accelerator Plus DAP 10.0.6.0 is vulnerable to a structured exception handler buffer overflow, allowing remote attackers to execute arbitrary code via maliciously crafted URLs by overwriting SEH pointers and executing embedded shellcode.
FlexHEX 2.71 Local Buffer Overflow Vulnerability (CVE-2019-25627)
2 rules 2 TTPs
FlexHEX 2.71 is vulnerable to a local buffer overflow in the Stream Name field, allowing local attackers to execute arbitrary code via a structured exception handler (SEH) overflow.
Compromised Litellm PyPI Package Versions
2 rules 4 TTPs 1 IOC
Versions 1.82.7 and 1.82.8 of the Litellm package on PyPI were compromised in a supply chain attack, potentially impacting numerous users, with recommendations to avoid updating to these versions.
Multiple Vulnerabilities in cPanel/WHM
2 rules 2 TTPs
An anonymous remote attacker can exploit multiple vulnerabilities in cPanel/WHM to bypass security measures, perform XSS and SSRF attacks, disclose information, and potentially execute code.
strongSwan EAP-TTLS AVP Integer Underflow Vulnerability (CVE-2026-25075)
2 rules 1 TTP
An integer underflow vulnerability in strongSwan's EAP-TTLS AVP parser allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication, leading to excessive memory allocation or a NULL pointer dereference.
TOTOLINK X6000R Remote Command Injection Vulnerability
2 rules 1 TTP
A remote command injection vulnerability exists in TOTOLINK X6000R routers, specifically versions 9.4.0cu.1360_B20241207 and 9.4.0cu.1498_B20250826, allowing attackers to execute arbitrary commands via manipulation of the Hostname argument in the setLanCfg function.
Unauthenticated CLI Escape Vulnerability (CVE-2026-3587)
2 rules 2 TTPs
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface of a device, leading to full compromise and root access on the underlying Linux-based OS, as described in CVE-2026-3587.
WP Job Portal Plugin SQL Injection Vulnerability
2 rules 1 TTP
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter, allowing unauthenticated attackers to extract sensitive database information in versions up to 2.4.8.
WWBN AVideo Unauthenticated decryptString Vulnerability
2 rules 1 TTP
WWBN AVideo, up to version 26.0, contains an improper authentication vulnerability (CVE-2026-33512) in the API plugin's `decryptString` action, allowing unauthenticated users to decrypt publicly accessible ciphertext and potentially recover protected tokens/metadata.