Briefs

Team82 disclosed vulnerabilities in Schneider Electric Modicon Controllers M241, M251, and M262 PLC lines, which can allow an attacker to cause a denial-of-service condition and affect controller availability.

Citrix has released a security advisory addressing multiple vulnerabilities in NetScaler ADC and NetScaler Gateway that could lead to sensitive information disclosure and user session mix-up under specific configurations.

A SQL injection vulnerability (CVE-2026-4594) exists in erupts erupt up to version 1.13.3, allowing remote attackers to execute arbitrary SQL commands by manipulating the sort.field argument in the geneEruptHqlOrderBy function.

AVideo versions up to 26.0 are vulnerable to an unauthenticated server-side request forgery (SSRF) vulnerability in the `plugin/Live/test.php` endpoint, allowing attackers to make the server send arbitrary HTTP requests, potentially exposing internal resources and cloud metadata.

WWBN AVideo platform versions up to 26.0 are vulnerable to unauthorized file access and deletion, where an authenticated user with upload permissions can exploit the `objects/import.json.php` endpoint by manipulating the `fileURI` parameter to steal private video files, read adjacent text files, and delete `.mp4` and other writable files on the filesystem.

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors, allowing attackers to trigger out-of-bounds reads via crafted glTF/GLB files, leading to denial of service and potential memory disclosure.

Iperius Backup 6.1.0 is vulnerable to privilege escalation, allowing low-privilege users to execute arbitrary programs with elevated privileges by creating malicious backup jobs that execute pre- or post-backup scripts with SYSTEM privileges.

WWBN AVideo versions prior to 26.0 are vulnerable to a credential access vulnerability where passwords containing non-numeric characters are incorrectly processed, effectively setting the password to '0' and allowing trivial channel access bypass.

Admin Express 1.2.5.485 is susceptible to a local structured exception handling buffer overflow vulnerability, enabling local attackers to execute arbitrary code via a crafted payload in the Folder Path field of the System Compare feature.

EquityPandit 1.0 contains an insecure logging vulnerability (CVE-2019-25605) that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge, specifically exposing plaintext passwords during the forgot password function.

FTP Shell Server 6.83 contains a buffer overflow vulnerability (CVE-2019-25619) in the 'Account name to ban' field, enabling a local attacker to execute arbitrary code by injecting shellcode through a crafted string in the Manage FTP Accounts dialog.

Lavavo CD Ripper 4.20 is vulnerable to a structured exception handling (SEH) buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field leading to arbitrary code execution and a bind shell.

CVE-2026-4545 describes a vulnerability in Flos Freeware Notepad2 4.2.25, where manipulating PROPSYS.dll leads to an uncontrolled search path, potentially allowing a local attacker to execute arbitrary code with elevated privileges.

An unauthenticated remote attacker can exploit an OS command injection vulnerability (CVE-2026-32968) in the com_mb24sysapi module of Joomla, leading to remote code execution and full system compromise.

A supply chain attack targets agent skill marketplaces by exploiting GitHub username hijacking, allowing threat actors to intercept skill downloads from vulnerable repositories, with scanners showing significant disagreement on malicious skill identification and embedded live API credentials discovered.

Axessh 4.2 is vulnerable to a stack-based buffer overflow in the log file name field, allowing local attackers to execute arbitrary code by supplying an excessively long filename.

DVDXPlayer Pro 5.5 is vulnerable to a local buffer overflow, allowing local attackers to execute arbitrary code by crafting malicious playlist files.

A remote OS command injection vulnerability exists in the Linksys MR9600 router version 2.0.6.206937, allowing attackers to execute arbitrary commands by manipulating specific function arguments via the SmartConnect.lua file.

MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function allowing local attackers to execute arbitrary code by supplying oversized configuration values in the miniftpd.conf file.

TeamPCP's CanisterWorm is a newly identified Kubernetes wiper targeting Iranian infrastructure, indicating a politically motivated destructive attack.

A stack-based buffer overflow vulnerability exists in Tenda F453 version 1.0.0.3 in the fromNatlimit function of the /goform/Natlimit Parameters Handler component, triggered remotely by manipulating the 'page' argument, allowing for potential arbitrary code execution.

TuneClone 2.20 is vulnerable to a structured exception handler (SEH) buffer overflow, allowing local attackers to execute arbitrary code by supplying a malicious license code string via the application's license registration feature.

A guest VM issuing a Xenstore command with the node path '/local/domain/' can crash xenstored (CVE-2026-23555), or, if NDEBUG is defined, cause denial of service by consuming all CPU resources.

Jsrsasign versions before 11.1.1 are vulnerable to an incorrect conversion between numeric types vulnerability, where an attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

jsrsasign versions before 11.1.1 are vulnerable to a missing cryptographic step in the DSA signing implementation, allowing an attacker to recover the private key by manipulating the signature generation process.

Jsrsasign versions before 11.1.1 are vulnerable to an infinite loop via the bnModInverse function when processing zero or negative inputs, potentially leading to a denial of service.

A stack-based buffer overflow vulnerability exists in Belkin F9K1122 version 1.00.33, allowing remote attackers to execute arbitrary code by manipulating the 'webpage' argument in the 'formWISP5G' function.

A stack-based buffer overflow vulnerability (CVE-2026-4567) exists in the UploadCfg function of the /cgi-bin/UploadCfg file in Tenda A15 firmware version 15.13.07.13, allowing remote attackers to execute arbitrary code by manipulating the File argument.

A buffer overflow vulnerability exists in Tenda AC21 firmware version 16.03.08.16, allowing remote attackers to execute arbitrary code by manipulating arguments to the formSetQosBand function.

The WP Maps WordPress plugin before version 4.9.2 is vulnerable to time-based SQL Injection via the 'orderby' parameter, allowing unauthenticated attackers to extract sensitive information from the database.