Pillow versions 10.3.0 through 12.1.1 are vulnerable to an out-of-bounds write in PSD image decoding/encoding due to an integer overflow when computing tile extent sums, potentially leading to arbitrary code execution.

Argo Workflows versions 4.0.0 to 4.0.4 log artifact repository credentials in plaintext, allowing users with read access to pod logs to extract sensitive information such as S3 access keys and GCS service account keys.

Argo Workflows has an incomplete fix for CVE-2026-31892, allowing bypass of templateReferencing restrictions to modify pod specifications, leading to potential privilege escalation and security context overrides.

An information disclosure vulnerability in the Easy PayPal Events & Tickets WordPress plugin (versions 1.3 and earlier) allows unauthenticated attackers to enumerate and retrieve all customer order records via the scan_qr.php endpoint.

An unauthenticated remote attacker can exploit a hardcoded authentication bypass vulnerability in the Easy PayPal Events & Tickets plugin for WordPress (versions 1.3 and earlier) by providing 'test' as the hash parameter, allowing retrieval of sensitive order details.

Quarkus Vertx HTTP versions < 3.20.6.1, >= 3.21.0 and < 3.27.3.1, >= 3.30.0 and < 3.33.1.1, and >= 3.34.0 and < 3.35.1.1 are vulnerable to an authorization bypass where appending a semicolon and arbitrary text to the request URL allows unauthorized access to protected resources.

A memory corruption vulnerability, CVE-2025-47408, exists in Qualcomm drivers when another driver calls an IOCTL with an invalid input/output buffer, potentially leading to code execution or denial of service.

CVE-2025-47407 describes a memory corruption vulnerability affecting the digital signal processor due to allocation failure at the kernel level, potentially leading to arbitrary code execution with elevated privileges on affected systems.

A widespread phishing campaign utilized 'code of conduct' lures, a multi-step attack chain, and legitimate email services to distribute authenticated messages from attacker-controlled domains, ultimately leading to adversary-in-the-middle (AiTM) token compromise, primarily targeting US-based organizations.

CVE-2026-6266 allows a remote attacker to hijack user accounts in AAP gateway by manipulating the IDP-provided email during the user auto-linking process, potentially gaining unauthorized access, including administrative privileges.

A privilege escalation vulnerability exists in Norton Secure VPN during installation via the Microsoft Store (CVE-2025-58074), allowing a low-privilege user to replace files leading to arbitrary file deletion and potential elevation of privileges.

Multiple vulnerabilities in Progress Software MOVEit Automation can be exploited by an attacker to bypass security measures or gain elevated privileges.

A buffer overflow vulnerability exists in Totolink N300RH version 3.2.4-B20220812, specifically affecting the setWanConfig function within the /cgi-bin/cstecgi.cgi file, allowing a remote attacker to exploit it by manipulating the priDns argument in a POST request.

A remote, authenticated attacker can exploit a vulnerability in MariaDB to perform a denial of service attack and potentially execute arbitrary program code.

A remote buffer overflow vulnerability exists in osrg GoBGP up to version 4.3.0 within the PathAttributeAigp.DecodeFromBytes function, allowing attackers to potentially execute arbitrary code by manipulating the AIGP Attribute Parser.

Funadmin versions up to 7.1.0-rc6 are vulnerable to unrestricted file uploads due to improper handling of the File argument in the UploadService::chunkUpload function, potentially leading to remote code execution.

Shandong Hoteam Software PDM Product Data Management System up to version 8.3.9 is vulnerable to SQL injection via manipulation of the SortOrder argument in the GetQueryMachineGridOnePageData function of the /Base/BaseService.asmx/DataService file, allowing remote attackers to potentially execute arbitrary SQL commands.

YunaiV yudao-cloud up to version 3.8.0 is vulnerable to an authentication bypass (CVE-2026-7710) due to improper handling of the mock-token argument in the JwtAuthenticationTokenFilter.java file, allowing remote attackers to bypass authentication.

A remote code injection vulnerability exists in AV Stumpfl Pixera Two Media Server versions up to 25.2 R2 due to improper handling within the Websocket API, potentially allowing unauthenticated attackers to execute arbitrary code.

A SQL injection vulnerability in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0 allows remote attackers to execute arbitrary SQL commands by manipulating the 'fCircuitids' argument in the '/SubstationWEBV2/main/elecMaxMinAvgValue' file.

Jinher OA 1.0 is vulnerable to remote SQL injection via the DeptIDList parameter in the /C6/JHSoft.Web.PlanSummarize/UserSel.aspx file, potentially allowing attackers to execute arbitrary SQL queries.

InnoShop version 0.7.8 and earlier contains an improper authentication vulnerability in the InstallServiceProvider::boot function (CVE-2026-7630) that allows remote attackers to bypass authentication and gain unauthorized access to the installation endpoint.

CVE-2026-7632 is a SQL injection vulnerability in code-projects Online Hospital Management System 1.0, allowing a remote attacker to execute arbitrary SQL commands by manipulating the 'delid' argument in the '/viewappointment.php' file.

The WCFM plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) that allows authenticated attackers with Vendor-level access or higher to delete arbitrary users, including administrators.

The rule detects a potential chroot container escape via mount, which involves a user within a container mounting the host's root file system and using chroot to escape the containerized environment, indicating a privilege escalation attempt.

Detects suspicious chroot execution within a Linux container context, potentially indicating a container escape attempt by pivoting to an alternate root filesystem.

The Salon Booking System WordPress plugin is vulnerable to arbitrary file read, allowing unauthenticated attackers to exfiltrate local files by manipulating file-field values in booking confirmation emails.

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification of Stripe webhook configurations due to missing capability checks, allowing authenticated attackers with Subscriber-level access to disrupt payment processing.

The Geo Mashup WordPress plugin is vulnerable to Time-Based SQL Injection due to insufficient input sanitization, allowing unauthenticated attackers to extract sensitive database information.

A time-based SQL injection vulnerability (CVE-2026-4061) exists in the Geo Mashup WordPress plugin (<= 1.13.18) due to insufficient sanitization of the 'map_post_type' parameter, enabling unauthenticated attackers to extract sensitive information via time-based blind SQL injection if the Geo Search feature is enabled.

Zyosoft's School App contains an Insecure Direct Object Reference vulnerability (CVE-2026-7491) that allows authenticated remote attackers to modify parameters and access or modify other users' data.

A privileged remote attacker can exploit CVE-2026-7490 in Sunnet CTMS and CPAS to upload and execute web shell backdoors, leading to arbitrary code execution on the server.

Sunnet CTMS is vulnerable to SQL injection (CVE-2026-7489), allowing authenticated remote attackers to execute arbitrary SQL commands and compromise the database.

The PixelYourSite Pro WordPress plugin is vulnerable to server-side request forgery (SSRF), allowing unauthenticated attackers to make arbitrary web requests from the server, potentially querying or modifying internal services.

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check, allowing authenticated attackers to modify SMTP settings and escalate privileges.

A privilege escalation vulnerability exists in the Import and export users and customers plugin for WordPress (versions <= 2.0.8) due to an incomplete blocklist allowing authenticated users to gain administrator privileges on subsites within a Multisite network.

Threat actors are compromising npm packages, including those targeting SAP developers, to steal credentials, embed themselves in CI/CD pipelines, and deploy multi-stage payloads using techniques like wormable propagation and covert C2 channels on GitHub.

Threat actors are rapidly exfiltrating data by exploiting blind spots created by an over-reliance on endpoint data, necessitating a comprehensive security approach that incorporates cloud, identity, and network telemetry for effective threat detection and response.

This threat brief details the detection of GenAI tools accessing sensitive files containing credentials, SSH keys, browser data, and shell configurations, indicating potential credential harvesting and persistence attempts by attackers leveraging GenAI agents.

CVE-2026-7593 is an OS command injection vulnerability in Sunwood-ai-labs command-executor-mcp-server up to version 0.1.0, allowing remote attackers to execute arbitrary commands via the execute_command function in src/index.ts.

A path traversal vulnerability exists in Flux159 mcp-game-asset-gen version 0.1.0, where manipulation of the `statusFile` argument in the `image_to_3d_async` function allows for remote exploitation.

Detection of IAM API calls that create or empower IAM users and roles, attach policies, or configure instance profiles when the caller is an assumed role session associated with AWS Lambda, potentially indicating privilege escalation or persistence.

itsourcecode Courier Management System 1.0 is vulnerable to SQL Injection via the ID parameter in /edit_staff.php, potentially allowing remote attackers to execute arbitrary SQL commands.

Detects suspicious DNS queries containing a base64-encoded blob, indicating potential Kerberos coercion attacks and SPN spoofing via DNS to coerce authentication to attacker-controlled hosts, enabling Kerberos or NTLM relay attacks.

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to 1.2.9.2, allowing unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with malicious code by tricking a site administrator into clicking a link.

This rule identifies process execution events where the effective user is root while the real user is not, the process arguments include the privileged shell flag commonly associated with setuid-capable shells, and the executable path is outside standard system binary directories, indicating potential privilege escalation.

Threat actors are using social engineering to distribute malware via AI distribution platforms such as Hugging Face and ClawHub by tricking users into downloading malicious files, which leads to malware infections on Windows, macOS, Linux, and Android systems.

SourceCodester Pharmacy Sales and Inventory System 1.0 is vulnerable to remote SQL injection via the ID parameter in the /ajax.php?action=delete_customer endpoint, allowing attackers to potentially read, modify, or delete database information.

CVE-2026-7550 is an SQL injection vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the ID argument in the /ajax.php?action=save_customer endpoint.

A use-after-free vulnerability in the ANGLE graphics engine within Chromium (CVE-2026-7359) allows for potential exploitation in Google Chrome and Microsoft Edge.

CVE-2026-7355 is a use-after-free vulnerability in the Media component of Chromium, affecting Google Chrome and Microsoft Edge, potentially allowing for arbitrary code execution.

CVE-2026-7349 is a use-after-free vulnerability in the Cast component of Chromium, affecting Google Chrome and Microsoft Edge.

A SQL injection vulnerability (CVE-2026-7545) exists in SourceCodester Advanced School Management System 1.0 within the checkEmail endpoint of commonController.php, allowing remote attackers to potentially execute arbitrary SQL commands.

A path traversal vulnerability exists in Fujian Apex LiveBOS version 2.0 and earlier, allowing remote attackers to read arbitrary files by manipulating the filename argument in the /feed/UploadImage.do endpoint.

nextlevelbuilder GoClaw and GoClaw Lite versions up to 3.8.5 are vulnerable to improper authorization in the RPC Handler component, potentially allowing remote attackers to bypass security controls.

A missing authorization vulnerability in Kirby CMS allows authenticated users to bypass intended access restrictions on pages and files, potentially leading to unauthorized information disclosure and content modification; patched in versions 4.9.0 and 5.4.0.

A vulnerability in the CopyFile verification of Kata agent policies generated by the Contrast CLI allows arbitrary writes to the guest root filesystem, potentially leading to a full guest takeover.

Clerk has an authorization bypass vulnerability in multiple packages where the `has()` and `auth.protect()` predicates can incorrectly return true, potentially allowing unauthorized actions.

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read, potentially causing information disclosure or denial of service.

The n8n-mcp SDK embedder path is vulnerable to server-side request forgery (SSRF) due to the synchronous URL validator in `SSRFProtection.validateUrlSync()` not checking for IPv6 addresses, allowing attackers to access cloud metadata endpoints, RFC1918 private networks, or localhost services by supplying a crafted `n8nApiUrl`.

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook versions 7.0.0 through 7.5.5 and JupyterLab versions up to 4.5.6 allows attackers to steal authentication tokens by tricking users into interacting with malicious notebook files, leading to complete account takeover via the Jupyter REST API.

Gotenberg version 8.29.1 is vulnerable to Server-Side Request Forgery (SSRF) due to an unfiltered webhook URL, allowing unauthenticated attackers to force outbound HTTP POST requests to arbitrary destinations, enabling internal network probing and interaction with internal services.

This rule detects potential exploitation of CVE-2026-31431, a Copy Fail vulnerability in the Linux kernel, via AF_ALG socket abuse, by correlating non-root AF_ALG-class socket or splice events with a subsequent process execution where the effective user is root but the login user remains non-root, indicating a privilege escalation attempt.

In Q1 2026, email threats increased, including credential phishing, QR code phishing, and CAPTCHA-gated campaigns, with Microsoft's disruption of the Tycoon2FA phishing platform leading to a 15% volume decrease and shifts in threat actor tactics; BEC activity remained prevalent at 10.7 million attacks.

The 'BackgroundFix' ClickFix campaign uses social engineering to trick victims into downloading malware disguised as a free image-editing tool, leading to the deployment of CastleLoader, NetSupport RAT for remote access, and CastleStealer for credential theft.

Multiple vulnerabilities in ABB AWIN Gateways allow an unauthenticated attacker to remotely reboot the device (CVE-2025-13778) or disclose sensitive system configuration details (CVE-2025-13777, CVE-2025-13779).

CVE-2025-14510 allows an attacker to bypass Azure Active Directory Single-Sign On authentication in vulnerable ABB Ability OPTIMAX versions, potentially granting unauthorized access to critical infrastructure systems.

A local attacker can exploit an unpatched vulnerability in Microsoft Windows RPC to escalate privileges.

Multiple vulnerabilities in Absolute Secure Access could allow an attacker to escalate privileges, conduct a denial-of-service attack, and disclose sensitive information.

Multiple vulnerabilities in Acronis Cyber Protect Cloud Agent can be exploited by a local or remote, authenticated attacker to escalate privileges.

Multiple vulnerabilities in SonicWall SonicOS allow a remote attacker to escalate privileges, bypass security measures, or cause a denial-of-service condition.

A remote, anonymous attacker can exploit multiple vulnerabilities in Fast Datapath for Red Hat Enterprise Linux to perform a denial-of-service attack or disclose sensitive information.

A local attacker can exploit a vulnerability in CUPS to execute arbitrary program code with administrator privileges on Linux and macOS systems.

Multiple vulnerabilities in sudo allow a local attacker to bypass security precautions and escalate privileges to root.

Multiple vulnerabilities in Google Chrome could allow an attacker to execute arbitrary code, bypass security mechanisms, disclose and manipulate data, and cause a denial-of-service condition.

A local attacker can exploit a vulnerability in PackageKit to escalate their privileges on a Linux system.

Multiple vulnerabilities exist in Xen and Citrix Systems XenServer that could allow an attacker to escalate privileges, bypass security measures, modify and disclose data, or cause a denial-of-service condition.

CVE-2026-34978 is a path traversal vulnerability in OpenPrinting CUPS that allows writing files outside the CacheDir/rss directory, potentially overwriting the job.cache file.

CVE-2026-5778 is an integer underflow vulnerability in the ChaCha decrypt path of an unspecified Microsoft product, leading to an out-of-bounds access issue.

VetCoders mcp-server-semgrep version 1.0.0 is vulnerable to remote OS command injection due to manipulation of the ID argument in several functions of the MCP Interface component.

Multiple vulnerabilities in Wireshark versions 4.4.x before 4.4.15 and 4.6.x before 4.6.5 could allow remote attackers to execute arbitrary code, cause a denial of service, or compromise data confidentiality.

Multiple vulnerabilities in MISP versions prior to 2.5.37 allow attackers to perform privilege escalation, SQL injection (SQLi), and security policy bypass.

Multiple vulnerabilities in Exim versions prior to 4.99.2 allow an attacker to cause a remote denial of service, a breach of data confidentiality, and an unspecified security problem.

Threat actors are abusing the Komari monitoring agent, a project hosted on GitHub, as a SYSTEM-level backdoor following initial access through compromised VPN credentials and lateral movement via Impacket.

n8n is vulnerable to cross-site scripting (XSS) via a malicious MCP OAuth client, allowing an unauthenticated attacker to inject arbitrary JavaScript into an authenticated user's session.

A sandbox escape vulnerability exists in n8n's Python Task Runner that allows an authenticated user with workflow creation/modification permissions to achieve arbitrary code execution on the task runner container, impacting n8n instances with the Python Task Runner enabled; upgrade to versions 1.123.32, 2.17.4, 2.18.1 or later to remediate the vulnerability.

A relative path traversal vulnerability exists in getsimpletool mcpo-simple-server <= 0.2.0, allowing remote attackers to delete arbitrary files via manipulation of the `detail` argument in the `delete_shared_prompt` function.

Alloksoft Video Joiner 4.6.1217 is vulnerable to a local buffer overflow (CVE-2018-25315) allowing attackers to execute arbitrary code via a crafted license name.

Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 is vulnerable to a buffer overflow, allowing local attackers to execute arbitrary code via a crafted License Name field.

SysGauge Pro 4.6.12 is vulnerable to a local buffer overflow in the Register function, allowing local attackers to overwrite the structured exception handler and execute arbitrary code by supplying a crafted unlock key during registration.

CVE-2018-25308 is a remote code execution vulnerability in BuddyPress Xprofile Custom Fields Type 2.6.3 that allows authenticated users to delete arbitrary files on the server by manipulating POST parameters.

XATABoost CMS 1.0.0 is vulnerable to union-based SQL injection, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter via GET requests to news.php, enabling extraction of sensitive database information.

Prime95 version 29.4b8 contains a local buffer overflow vulnerability, allowing attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms through a malicious payload in the PrimeNet proxy hostname field.

Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string.

Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability (CVE-2018-25303) in the License Name field, allowing a local attacker to execute arbitrary code by triggering a structured exception handler (SEH) overwrite.

Allok AVI to DVD SVCD VCD Converter 4.0.1217 is vulnerable to a SEH-based buffer overflow, allowing local attackers to execute arbitrary code by providing a malicious string in the License Name field.

A path traversal vulnerability exists in fatbobman mail-mcp-bridge version 1.3.3 and earlier, allowing a remote attacker to read arbitrary files by manipulating the message_ids argument in the src/mail_mcp_server.py file.

A remote SQL injection vulnerability (CVE-2026-7389) exists in EyouCMS versions up to 1.7.9 due to improper handling of the 'sort_asc' argument in the GetSortData function, potentially allowing attackers to execute arbitrary SQL commands.

OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that allows attackers to bypass strictInlineEval explicit-approval requirements on gateway and node exec hosts, leading to arbitrary command execution.

OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows attackers to circumvent the browser.request persistent profile-mutation guard and modify browser configurations.

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function, allowing attackers to mint tokens for unapproved roles and bypass intended approval processes.

OpenClaw before 2026.4.8 is vulnerable to server-side request forgery (SSRF) in QQ Bot media download paths, allowing attackers to bypass SSRF protections and access internal resources.

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation by declaring operator scopes on non-Control-UI clients.

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives, allowing attackers to install malicious plugins and compromise the local assistant environment.

OpenClaw before 2026.3.22 is vulnerable to incomplete host environment variable sanitization, allowing attackers to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.

OpenClaw before 2026.3.28 contains an execution approval vulnerability in exec-approvals-allowlist.ts that allows attackers to bypass intended execution restrictions by exploiting trust relationships with wrapper carrier executables, leading to privilege escalation and defense evasion.

OpenClaw before 2026.3.24 is vulnerable to environment variable injection, allowing attackers to inject malicious environment variables through crafted workspace configurations in the CLI backend, leading to potential code execution or sensitive data exposure.

OpenClaw before 2026.4.2 is vulnerable to arbitrary directory deletion in mirror mode, enabling attackers to delete remote directories by manipulating remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values.

A path traversal vulnerability exists in eiceblue spire-pdf-mcp-server version 0.1.1, allowing remote attackers to access arbitrary files via manipulation of the filepath argument in the get_pdf_path function.

A path traversal vulnerability exists in eiceblue spire-doc-mcp-server version 1.0.0, allowing a remote attacker to access arbitrary files by manipulating the 'document_name' argument in the 'get_doc_path' function.

Multiple vulnerabilities in cURL could allow an attacker to bypass security measures, disclose confidential information, or manipulate data.

Elinsky execution-system-mcp 0.1.0 is vulnerable to path traversal via manipulation of the context argument in the _get_context_file_path function, allowing remote attackers to access sensitive files.

Multiple vulnerabilities in Red Hat Enterprise Linux's LibRaw component allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

An anonymous remote attacker can exploit a SQL injection vulnerability in ProFTPD.

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability that allows previously paired nodes to reconnect and execute privileged commands without proper authorization, potentially leading to complete system compromise.

OpenClaw before 2026.4.8 contains an improper authorization vulnerability (CVE-2026-42426) allowing attackers with `operator.write` permissions to bypass node pairing approval and gain unauthorized access to `exec`-capable nodes by exploiting the `node.pair.approve` method which incorrectly accepts the `operator.write` scope instead of the narrower `operator.pairing` scope.

OpenClaw before version 2026.3.28 contains an exec allowlist bypass vulnerability (CVE-2026-41390) that allows attackers to persist trust for wrapper binaries like /usr/bin/script to execute different underlying programs, potentially leading to privilege escalation.

UNC6692 is a newly discovered, financially motivated threat actor that combines social engineering via Microsoft Teams, custom malware named SNOWBELT, and abuse of legitimate AWS S3 cloud infrastructure in its attack campaigns to steal credentials and prepare for data exfiltration.

A remote SQL injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0 via manipulation of the ID parameter in the /ajax.php?action=delete_category endpoint, potentially leading to unauthorized data access or modification.

A path traversal vulnerability exists in douinc mkdocs-mcp-plugin up to version 0.4.1, allowing remote attackers to access unauthorized files through manipulation of the docs_dir/file_path argument in the read_document/list_documents functions within server.py.

A DLL hijacking vulnerability in eMPIA Technology's AVACAST (CVE-2026-7279) allows authenticated local attackers to achieve arbitrary code execution with system privileges by placing a malicious DLL in a specific directory.

A path traversal vulnerability (CVE-2026-7237) exists in AgiFlow scaffold-mcp versions up to 1.0.27, allowing remote attackers to write to arbitrary files by manipulating the file_path argument in the write-to-file tool.

A path traversal vulnerability (CVE-2026-7234) exists in BrowserOperator browser-operator-core up to version 0.6.0, allowing remote attackers to read arbitrary files by manipulating the request.url argument in the startsWith function of scripts/component_server/server.js.

A remote buffer overflow vulnerability exists in Totolink N300RT 3.4.0-B20250430 via manipulation of the 'entry_name' argument in the /boafrm/formIpQoS file, potentially leading to arbitrary code execution.

A path traversal vulnerability (CVE-2026-7214) exists in eghuzefa's engineer-your-data up to version 0.1.3, allowing remote attackers to read or write arbitrary files by manipulating the WORKSPACE_PATH argument.

A path traversal vulnerability exists in edvardlindelof notes-mcp up to version 0.1.4, affecting the notes_mcp.py file, allowing a remote attacker to access sensitive files by manipulating the `root_dir/path` argument.

A path traversal vulnerability exists in the `search_papers` function of `src/main.py` in duartium papers-mcp-server version 9ceb3812a6458ba7922ca24a7406f8807bc55598, allowing remote attackers to read arbitrary files by manipulating the `topic` argument, with a public exploit available.

A command injection vulnerability (CVE-2026-7211) exists in the GitSearchRequest function of dvladimirov MCP up to version 0.1.0, allowing a remote attacker to execute arbitrary commands by manipulating the repo_url or pattern argument.

A SQL injection vulnerability exists in dubydu sqlite-mcp version 0.1.0 and earlier within the extract_to_json function allowing remote exploitation through manipulation of the output_filename argument.

A SQL injection vulnerability (CVE-2026-7199) exists in SourceCodester Pharmacy Sales and Inventory System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'ID' parameter in the `/ajax.php?action=delete_product` endpoint, potentially leading to data breach or system compromise.

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files by uploading a malicious tar archive containing symlinks, leading to arbitrary file write on the remote host.

CVE-2026-7131 is a SQL injection vulnerability in code-projects Online Lot Reservation System up to version 1.0, affecting the /loginuser.php component via manipulation of the email/password arguments, which could allow remote attackers to execute arbitrary SQL queries.

BlueNoroff, a subgroup of the Lazarus Group, is targeting North American Web3 companies through spear-phishing campaigns, impersonating Fintech legal professionals.

A command injection vulnerability exists in tufantunc ssh-mcp up to version 1.5.0 via manipulation of the Description argument in the shell.write function.

SourceCodester Pharmacy Sales and Inventory System 1.0 is vulnerable to SQL injection by manipulating the ID argument in the /ajax.php?action=save_receiving file, allowing remote attackers to execute arbitrary SQL commands.

A SQL injection vulnerability exists in itsourcecode Construction Management System version 1.0, affecting the processing of the /locations.php file, allowing a remote attacker to inject SQL commands by manipulating the 'address' argument, with a publicly available exploit.

A SQL injection vulnerability exists in CodePanda Source canteen_management_system version 1.0 within the /api/login.php file by manipulating the Username argument, allowing remote attackers to execute arbitrary SQL commands.

A SQL injection vulnerability exists in code-projects Inventory Management System 1.0 within the Login component, specifically affecting the Username argument, where a remote attacker can manipulate the Username parameter, leading to unauthorized data access or modification.

A command injection vulnerability exists in D-Link DIR-822 A_101, specifically within the udhcpd DHCP service; by manipulating the Hostname argument, a remote attacker can inject commands, but the affected product is no longer supported.

CVE-2026-7063 is a SQL Injection vulnerability in code-projects Employee Management System 1.0 via the 'pwd' parameter in /370project/process/eprocess.php, enabling remote attackers to execute arbitrary SQL commands.

Toowiredd chatgpt-mcp-server up to version 0.1.0 is vulnerable to OS command injection via the file src/services/docker.service.ts of the component MCP/HTTP, allowing for remote exploitation.

KLiK SocialMediaWebsite up to version 1.0.1 is vulnerable to SQL injection via manipulation of the c_id argument in the /includes/get_message_ajax.php file, specifically affecting the Private Message Handler component, which can be exploited remotely.

CVE-2026-7036 is a path traversal vulnerability affecting the R7WebsSecurityHandlerfunction in the HTTP Handler component of Tenda i9 version 1.0.0.5(2204), allowing remote attackers to access sensitive files.

The `cilium-bugtool` debugging tool in Cilium exposes WireGuard private keys, potentially allowing unauthorized access to encrypted node-to-node communication in affected versions.

A remote improper authentication vulnerability exists in SmythOS sre up to version 0.0.15, allowing attackers to bypass authentication by manipulating the X-DEBUG-RUN/X-DEBUG-INJ arguments in the HTTP Header Handler component.

PicoClaw version 0.2.4 is vulnerable to command injection via the /api/gateway/restart endpoint of the Web Launcher Management Plane, allowing a remote attacker to execute arbitrary commands by manipulating input.

A vulnerability in Claude Code allowed for trust dialog bypass via git worktree spoofing, potentially leading to arbitrary code execution by crafting a malicious repository with a `commondir` file pointing to a previously trusted path, bypassing the trust dialog, and executing malicious hooks defined in `.claude/settings.json`.

In early April 2026, Arctic Wolf tracked a large-scale device code phishing campaign across multiple regions and sectors where threat actors abused OAuth device code flow to trick victims into providing authentication codes.

k8sGPT versions before 0.4.32 are vulnerable to prompt injection due to deserialization of AI-generated YAML without proper validation in the auto-remediation pipeline, potentially leading to arbitrary code execution within the Kubernetes cluster.

A remote attacker can exploit an out-of-bounds read vulnerability in Open Virtual Network (OVN) by sending crafted DHCPv6 SOLICIT packets, leading to sensitive information disclosure.

OpenShell before 2026.3.28 is vulnerable to arbitrary code execution via mirror mode when converting untrusted sandbox files into workspace hooks, allowing attackers with mirror mode access to execute code during gateway startup.

OpenClaw before 2026.3.31 allows attackers to execute arbitrary code by overriding the OPENCLAW_BUNDLED_HOOKS_DIR environment variable using a workspace .env file, enabling the loading of attacker-controlled hook code.

Multiple vulnerabilities in Microsoft Azure, Microsoft 365 Copilot, Microsoft Dynamics 365, and Microsoft Power Apps could allow an attacker to escalate privileges, execute arbitrary code, and conduct spoofing attacks.

D-Link DWM-222W USB Wi-Fi Adapter is vulnerable to brute-force attacks due to a protection bypass, allowing unauthenticated adjacent network attackers to gain control over the device by circumventing login attempt limits.

A server-side template injection (SSTI) vulnerability exists in Kirby CMS within the option rendering feature due to double template resolution in option fields (checkboxes, color, multiselect, select, radio, tags, or toggles) when using options from a query or API with untrusted values, potentially allowing attackers to inject malicious queries.

Radare2 versions prior to 6.1.4 are vulnerable to a path traversal in project deletion, allowing local attackers to recursively delete arbitrary directories by escaping the 'dir.projects' root, leading to integrity and availability loss.

Trigona ransomware is using a custom data exfiltration tool named 'uploader_client.exe' to steal data from compromised environments, enhancing speed and evasion.

The CanisterSprawl malware campaign targets npm packages, using a self-propagating approach to steal sensitive data from developer machines, including tokens and API keys, and attempting to publish malicious packages using hijacked credentials.

The rust-openssl crate versions 0.9.24 prior to 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.

A SQL injection vulnerability exists in Daptin versions prior to 0.11.4 within the `/aggregate/:typename` endpoint, where the `column` and `group` query parameters are passed to `goqu.L()` without validation, allowing authenticated users to inject arbitrary SQL expressions and exfiltrate sensitive data.

China-nexus cyber actors are increasingly using large-scale networks of compromised devices, including SOHO routers and IoT devices, to obscure the origin of their attacks and conduct various malicious activities, from reconnaissance to data exfiltration.

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints, allowing authenticated board members to perform administrative actions without proper privilege verification, potentially leading to unauthorized data access and modification.

CVE-2026-31478 is a vulnerability in Microsoft's ksmbd implementation related to incorrect calculation of maximum output buffer length, potentially leading to a denial-of-service or remote code execution.

CVE-2026-31507 is a double-free vulnerability in the net/smc module that occurs when the tee() function duplicates a splice pipe buffer, potentially leading to memory corruption and denial of service.

SiYuan is vulnerable to path traversal via double URL encoding in the `/export/` endpoint, bypassing an incomplete fix for CVE-2026-30869; an authenticated attacker can exploit this vulnerability to traverse directories and read arbitrary workspace files, including the SQLite database (`siyuan.db`), kernel log, and user documents due to a redundant `url.PathUnescape()` call in `serveExport()`.

A high volume of failed Microsoft Entra ID sign-in attempts resulting in account lockouts indicates potential brute-force attacks, such as password spraying or credential stuffing, targeting user accounts.

Attackers are stealing AWS credentials configured as GitHub Actions secrets and using them from non-CI/CD infrastructure, indicating potential credential theft and unauthorized access to AWS resources.

This brief outlines the threat of attackers leveraging GenAI tools to access sensitive files containing credentials, SSH keys, browser data, and shell configurations for credential access and persistence.

LanSpy 2.0.1.159 is vulnerable to a local buffer overflow, allowing an attacker to overwrite the instruction pointer by providing a crafted payload to the scan field, potentially leading to code execution.

A local attacker can exploit a path traversal vulnerability in InstructLab by manipulating the `logs_dir` parameter, leading to arbitrary file creation and modification.

WWBN AVideo versions 29.0 and below contain a path traversal vulnerability (CVE-2026-41058) in the CloneSite functionality, allowing unauthenticated attackers to delete arbitrary files via manipulation of the `deleteDump` parameter.

WWBN AVideo versions 29.0 and below are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete fix in the LiveLinks proxy, potentially allowing attackers to redirect traffic to internal endpoints.

The Tekton Pipelines git resolver in API mode leaks the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter, allowing an attacker with TaskRun or PipelineRun creation permissions to exfiltrate the shared API token.

Tekton Pipelines versions 1.0.0 to 1.10.0 are vulnerable to credential access, where the Git resolver in API mode transmits the system-configured Git API token to a user-controlled serverURL, enabling token exfiltration via a malicious server.

CVE-2026-34282 is a remotely exploitable vulnerability in the Networking component of Oracle Java SE and GraalVM that allows an unauthenticated attacker to cause a complete denial of service.

A heap buffer overflow vulnerability exists in NTFS-3G versions 2022.10.3 before 2026.2.25 that allows for heap memory corruption by processing a crafted NTFS image with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.

NestJS versions before 11.1.19 are susceptible to an uncontrolled recursion vulnerability (CVE-2026-40879) where sending many small JSON messages in a single TCP frame triggers a call stack overflow, resulting in a denial-of-service condition.

HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerability where remote channels inherit permissive access, potentially leading to unauthorized file disclosure and read access.

Hermes WebUI is vulnerable to arbitrary file deletion via path traversal in the /api/session/delete endpoint due to insufficient validation of the session_id parameter, allowing authenticated attackers to delete writable JSON files on the host system.

The goshs SimpleHTTPServer prior to version 2.0.0-beta.6 is vulnerable to ArtiPACKED, potentially leading to leakage of the GITHUB_TOKEN through workflow artifacts.

FreeScout versions prior to 1.8.213 contain a mass assignment vulnerability allowing authenticated admins to modify sensitive mailbox settings by injecting parameters into connection settings requests, leading to email exfiltration and account compromise.

Fortra's GoAnywhere MFT prior to 7.10.0 is vulnerable to brute-force attacks on SSH keys because the login limit is not enforced on the SFTP service when Web Users are configured to log in with an SSH Key.

A heap-buffer-overflow vulnerability exists in binutils when processing a specially crafted XCOFF object file, potentially leading to arbitrary code execution or denial of service.

A vulnerability exists in Progress Telerik UI for AJAX prior to 2026.1.421, RadAsyncUpload, due to missing cumulative size enforcement during chunk reassembly, which allows file uploads to exceed the configured maximum size, leading to disk space exhaustion.

Multiple vulnerabilities in OpenBao can be exploited by an attacker to bypass security measures, conduct a denial of service attack, and conduct a SQL injection attack.

pyLoad versions up to 0.5.0b3.dev97 cache user roles and permissions in the session, leading to privilege escalation even after an admin revokes privileges.

CVE-2026-35246 is a vulnerability in Oracle VM VirtualBox version 7.2.6, where a high-privileged attacker with local access can exploit it to compromise the application potentially leading to a complete takeover.

NVIDIA CUDA-Q is vulnerable to an out-of-bounds read via a maliciously crafted request to an endpoint, potentially leading to denial of service and information disclosure as tracked by CVE-2026-24189.

A remote code execution vulnerability exists in OpenMage LTS versions prior to 20.16.1 due to Phar deserialization, where an attacker can upload a malicious phar file disguised as an image and trigger deserialization via functions like `getimagesize()`, `file_exists()`, or `is_readable()` when processing `phar://` stream wrapper paths, leading to arbitrary code execution.

CVE-2026-32223 is an elevation of privilege vulnerability affecting the Windows USB Printing Stack (usbprint.sys), potentially allowing a local attacker to gain elevated privileges on a vulnerable system.

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function, allowing authenticated users to execute arbitrary commands via crafted GraphQL mutations.

The Notepad++ updater (gup.exe) creating files in suspicious locations can indicate potential exploitation for malware delivery or unwarranted file placement, potentially leading to credential access and collection.

A deserialization of untrusted data vulnerability in the MetaSlider Responsive Slider plugin for WordPress (versions up to 3.106.0) allows for unauthenticated object injection, potentially leading to remote code execution.

Adversaries are increasingly targeting macOS environments, leveraging native tools like Remote Application Scripting (RAS) and Spotlight metadata to bypass security controls for remote code execution and lateral movement.

Multiple vulnerabilities in Fortinet FortiSandbox allow attackers to perform cross-site scripting attacks, disclose information, bypass security measures, and execute arbitrary code, potentially leading to system compromise.

Multiple vulnerabilities in Roundcube allow an attacker to manipulate files, bypass security measures, perform cross-site scripting attacks, and disclose information.

Multiple vulnerabilities in Microsoft Visual Studio, .NET Framework, .NET, PowerShell, and Visual Studio Code can be exploited by an attacker to disclose sensitive information, conduct spoofing attacks, cause a denial of service, or bypass security measures, potentially leading to arbitrary code execution.

An anonymous remote attacker can exploit multiple vulnerabilities in FreeRDP to potentially execute arbitrary code, cause a denial-of-service condition, manipulate data, disclose confidential information, or perform other unspecified attacks.

A local attacker can exploit multiple vulnerabilities in Intel Firmware to disclose confidential information or gain elevated privileges.

CVE-2026-31368 is a type privilege bypass vulnerability in AiAssistant, potentially leading to service availability issues and complete compromise of the system.

FreeScout versions prior to 1.8.213 are vulnerable to CSS injection via the mailbox signature, allowing an attacker with mailbox settings access to exfiltrate CSRF tokens and escalate privileges.

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability (CVE-2026-41295) allowing attackers to execute unintended code by cloning a workspace with a malicious plugin claiming a bundled channel id.

An improper authentication vulnerability in rowboatlabs rowboat <=0.1.67 allows remote attackers to bypass authentication by manipulating the X-Tools-JWE argument in the tool_call function, potentially leading to unauthorized access and control.

A SQL injection vulnerability (CVE-2026-6629) exists in Metasoft MetaCRM up to version 6.4.0, allowing remote attackers to execute arbitrary SQL commands via manipulation of the sql argument in the Statement.executeUpdate function of the sql.jsp file.

TeamT5's ThreatSonar Anti-Ransomware is vulnerable to arbitrary file deletion via path traversal, allowing authenticated remote attackers with web access to delete arbitrary files on the system.

A code injection vulnerability exists in modelscope agentscope up to version 1.0.18, specifically affecting the execute_python_code/execute_shell_command functions, allowing for remote code execution.

Silex Technology's SD-330AC and AMC Manager are vulnerable to insecure default initialization, allowing a null string password to be set upon initial network connection (CVE-2026-32965).

An unrestricted file upload vulnerability in langflow-ai langflow versions up to 1.1.0 allows remote attackers to execute arbitrary code via the create_upload_file function in the API Endpoint.

A prototype pollution vulnerability (CVE-2026-6594) in brikcss merge up to version 1.3.0 allows remote attackers to modify object prototype attributes by manipulating the __proto__/constructor.prototype/prototype argument.

CVE-2026-6580 describes a vulnerability in liangliangyy DjangoBlog up to version 2.1.0.0 where manipulation of the 'key' argument in the Amap API Call Handler leads to the use of a hard-coded cryptographic key, enabling remote exploitation.

A phishing campaign is abusing legitimate Apple account change notifications to deliver fake iPhone purchase scams, tricking users into calling malicious support numbers.

CVE-2026-6574 allows remote attackers to manipulate the 'key' argument in the /public/install/lp.sql file via the API Upload Endpoint in osuuu LightPicture <= 1.2.2, leading to hardcoded credentials exposure.

KodExplorer up to version 4.52 is vulnerable to a path traversal attack via manipulation of the path argument in the share.class.php::initShareOld function, potentially allowing remote attackers to access sensitive files.

WeGIA versions prior to 3.6.10 are vulnerable to SQL injection via the cpf_usuario POST parameter, allowing authenticated users to query the database under an arbitrary identity.

PraisonAI is vulnerable to SQL injection across nine database backends due to unsanitized `table_prefix` parameters, and in PostgreSQL due to an unsanitized `schema` parameter, enabling arbitrary SQL execution.

DNN (formerly DotNetNuke) before 10.2.2 is vulnerable to stored cross-site scripting (XSS) via malicious SVG file uploads, potentially leading to account takeover and arbitrary code execution.

Anviz CrossChex Standard is vulnerable to unauthorized database access due to the manipulation of TDS7 PreLogin, which disables encryption, leading to plaintext transmission of database credentials.

An unauthenticated attacker can trigger a denial-of-service condition on vulnerable Firebird servers by sending a specially crafted op_crypt_key_callback packet, leading to a null pointer dereference and server crash.

A compromised SecureDrop server can achieve code execution on the SecureDrop client's virtual machine by exploiting improper filename validation during gzip archive extraction, allowing for the overwriting of critical files.

A SQL injection vulnerability exists in Dagster's DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers, where a user with 'Add Dynamic Partitions' permission can inject arbitrary SQL due to improper escaping of dynamic partition key values, leading to unauthorized data access or modification.

YesWiki is vulnerable to authenticated SQL Injection via the id_fiche parameter in the EntryManager::formatDataBeforeSave() function, allowing attackers to inject arbitrary SQL commands and potentially extract sensitive data.

Movary versions prior to 0.71.1 allow authenticated users to escalate privileges to administrator by manipulating the `isAdmin` field via a PUT request to the `/settings/users/{userId}` endpoint, due to missing authorization checks.

FastGPT versions prior to 4.14.9.5 are vulnerable to NoSQL injection in the password change endpoint, allowing authenticated attackers to bypass password verification and perform account takeover.

The openclaw package versions prior to 2026.4.10 are vulnerable to environment variable injection, where the exec environment policy missed interpreter startup variables allowing operator-supplied environment overrides to influence downstream execution or network behavior, addressed in versions 2026.4.10 and later.

Anviz CX2 Lite and CX7 devices are vulnerable to unauthenticated POST requests that allow modification of debug settings such as enabling SSH, leading to unauthorized state changes and potential compromise.

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

xrdp versions through 0.10.5 are vulnerable to a privilege escalation flaw (CVE-2026-32107) where improper privilege management during the privilege drop process could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code.

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed, allowing attackers to write files outside the intended custom-agent directory.

A remote attacker can exploit an out-of-bounds write vulnerability (CVE-2026-6507) in dnsmasq by sending a specially crafted BOOTREPLY packet to a server configured with the `--dhcp-split-relay` option, leading to a denial of service.

An unauthenticated attacker can cause a denial-of-service (DoS) in zrok by sending a crafted HTTP request with a large cookie chunk count to an OAuth-protected proxy share, triggering unbounded memory allocation and leading to process termination.

Paperclip application suffers from multiple unauthenticated API access vulnerabilities allowing attackers to access sensitive data, gather reconnaissance, and potentially bypass authentication.

OCaml opam before 2.5.1 is vulnerable to path traversal via a crafted .install file, potentially allowing attackers to overwrite arbitrary files.

Multiple defense-in-depth gaps exist in Meridian versions prior to 2.1.1, including high severity issues related to bypassing safety caps on collection mapping that can lead to resource exhaustion, along with medium and low severity issues affecting constructor selection, telemetry, retry mechanisms, and exception handling.

An authenticated SQL injection vulnerability (CVE-2026-5785) in the query report module of Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 allows attackers with low privileges to potentially read or modify sensitive database information.

CVE-2026-22039 incompletely fixed a cross-namespace privilege escalation vulnerability in Kyverno's apiCall context, as the ConfigMap context loader still lacks namespace validation, allowing a namespace admin to read ConfigMaps from any namespace using Kyverno's privileged service account, leading to a complete RBAC bypass in multi-tenant Kubernetes clusters.

An authorization bypass vulnerability exists in Better Auth's OAuth provider, allowing low-privilege users to create OAuth clients despite configured clientPrivileges, potentially leading to unauthorized client registration and increased phishing risks.

A remote command injection vulnerability exists in the Wavlink WL-WN530H4 router, specifically in the `strcat/snprintf` function of the `/cgi-bin/internet.cgi` file, allowing attackers to execute arbitrary OS commands.

Dell PowerProtect Data Domain versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.60, contain an improper certificate validation vulnerability in certificate-based login, potentially leading to privilege escalation.

A local attacker can exploit a vulnerability in Dell Storage Manager to escalate their privileges on the system.

Dell PowerProtect Data Domain BoostFS versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 are vulnerable to an insufficiently protected credentials vulnerability, allowing a low-privileged attacker with local access to expose credentials and potentially gain elevated privileges.

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability (CVE-2026-23853) that can lead to unauthorized access by a local attacker.

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to arbitrary file read due to insufficient path traversal sanitization, allowing authenticated attackers to read sensitive files from the WordPress host.

Vault instances configured to pass through the 'Authorization' header may forward Vault tokens to auth plugin backends when the header is used for authentication, potentially leading to token compromise; this vulnerability is tracked as CVE-2026-4525 and patched in versions 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

A Paperclip-managed `codex_local` runtime can access and utilize Gmail connectors connected in the ChatGPT/OpenAI apps UI without explicit Paperclip configuration, allowing unauthorized mailbox access and email sending capabilities due to a trust-boundary failure and dangerous default runtime settings.

Flowise is vulnerable to SSRF protection bypass via unprotected built-in HTTP modules in the custom function sandbox, allowing authenticated users to access internal network resources by exploiting the lack of SSRF protection on Node.js `http`, `https`, and `net` modules.

A middleware bypass vulnerability (CVE-2026-33804) exists in @fastify/middie versions 9.3.1 and earlier when the deprecated Fastify ignoreDuplicateSlashes option is enabled, potentially allowing unauthorized access.

Weblate versions prior to 5.17 are vulnerable to improper privilege management due to an API endpoint failing to properly limit the scope of edits, potentially leading to unauthorized modifications.

A missing authorization vulnerability in the Plisio Accept Cryptocurrencies with Plisio WordPress plugin (versions up to 2.0.5) allows attackers to bypass payment verification due to incorrectly configured access control security levels.

Mirax RAT, a new Android RAT distributed as MaaS, is targeting European users by turning infected devices into residential proxy nodes and enabling credential theft via overlay and notification injection.

A coordinated campaign uses 108 malicious Chrome extensions to steal user data, inject ads, and establish backdoors on over 20,000 systems via a shared command-and-control infrastructure.

A type confusion vulnerability in Google Chrome's Turbofan component (CVE-2026-6301) allows a remote attacker to execute arbitrary code within a sandbox by exploiting a crafted HTML page, impacting system integrity and availability.

A remote attacker who has compromised the renderer process in Google Chrome on Windows prior to version 147.0.7727.101 can potentially perform a sandbox escape via a crafted HTML page due to an uninitialized use in accessibility, as tracked by CVE-2026-6311.

Google Chrome versions prior to 147.0.7727.101 are vulnerable to an out-of-bounds write in the GPU process (CVE-2026-6314), allowing a remote attacker with GPU process compromise to potentially perform a sandbox escape via a crafted HTML page.

A use-after-free vulnerability (CVE-2026-6310) in Google Chrome's Dawn component allows a remote attacker, having compromised the renderer process, to potentially execute a sandbox escape via a specially crafted HTML page.

A use-after-free vulnerability in Google Chrome's CSS engine (CVE-2026-6300) allows a remote attacker to execute arbitrary code within a sandbox by exploiting a crafted HTML page.

Digitally signed adware from Dragon Boss Solutions LLC deploys payloads with SYSTEM privileges to disable antivirus protections on thousands of endpoints across education, utilities, government, and healthcare sectors.

Multiple vulnerabilities in Cisco Unity Connection can be exploited by an attacker to conduct cross-site scripting attacks, redirect users to malicious websites, manipulate data, and disclose confidential information.

Multiple vulnerabilities in libssh allow an attacker to manipulate files or cause a denial-of-service condition, potentially leading to data corruption or service disruption.

A remote, authenticated attacker can exploit a vulnerability in Grafana to manipulate files and disclose sensitive information, potentially leading to persistence, unauthorized access, and significant impact.

rsync versions 3.0.1 through 3.4.1 are vulnerable to a use-after-free vulnerability in the receive_xattr function during a qsort call, triggered by an untrusted length value when the -X/--xattrs option is used, potentially leading to code execution.

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter within 'product_data' of the `/wp-json/InkXEProductDesignerLite/add-item-to-cart` REST API endpoint, allowing unauthenticated attackers to extract sensitive information from the database.

Openfind MailGates/MailAudit is vulnerable to CRLF injection (CVE-2026-6351), enabling unauthenticated remote attackers to read system files by injecting malicious CRLF sequences.

Radare2 before commit 9236f44, when configured on UNIX without SSL, is vulnerable to command injection via a PDB name passed to rabin2 -PP, potentially allowing arbitrary code execution.

The wger application has a broken access control vulnerability in the global gym configuration update endpoint, allowing low-privileged authenticated users to modify installation-wide configuration settings and escalate privileges.

Luanti 5 before 5.15.2 allows unintended access to an insecure environment if a crafted mod intercepts requests when secure mods are enabled, potentially leading to unauthorized access and control.