Cve

Cap-go versions prior to 12.128.2 are susceptible to an authentication bypass vulnerability (CVE-2026-56073) in OTP verification that allows attackers to manipulate server responses to falsely mark verification successful, leading to unauthorized 2FA enablement and subsequent account takeover.

A critical improper authentication vulnerability, CVE-2026-45480, in Microsoft Azure Active Directory allows an unauthorized attacker to bypass authentication mechanisms and elevate privileges over a network, potentially leading to full administrative control of Azure AD and associated resources.

An unauthenticated attacker can trigger a denial-of-service condition in applications using the Faraday Ruby library by sending deeply nested query parameters (CVE-2026-54297), leading to `SystemStackError` and application crashes due to uncontrolled recursion.

An unauthenticated information disclosure vulnerability (CVE-2023-54357) in the Joomla com_booking component version 2.4.9 allows attackers to enumerate user accounts, including names, usernames, and email addresses, by exploiting the getUserData function via specific GET requests.

An unauthenticated attacker can exploit CVE-2017-20267, an SQL injection vulnerability in Joomla! Component Calendar Planner 1.0.1, by sending malicious GET requests to the 'events' view via the 'category_id' parameter, allowing for sensitive database information extraction.

An SQL injection vulnerability, CVE-2017-20266, in Joomla SP Movie Database version 1.3 allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the `searchword` parameter in GET requests to the `searchresults` view, enabling extraction of sensitive database information.

An SQL injection vulnerability, CVE-2017-20265, in Joomla! Component Flip Wall 8.0 allows unauthenticated attackers to execute arbitrary SQL queries via malicious GET requests to the `wallid` parameter, enabling the extraction of sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20264) in Joomla! Component Sponsor Wall version 8.0 allows attackers to execute arbitrary SQL queries by injecting malicious code into the `wallid` parameter of GET requests to `index.php`, leading to the extraction of sensitive database information such as credentials and configuration data.

An unauthenticated SQL injection vulnerability, CVE-2017-20262, in Joomla! Component Ajax Quiz version 1.8 allows attackers to execute arbitrary SQL queries by injecting malicious code through the `cid` parameter in GET requests to `index.php` with `option=com_ajaxquiz` and `view=ajaxquiz`, leading to extraction of sensitive database information.

An unauthenticated attacker can exploit CVE-2017-20261, a critical SQL injection vulnerability in Joomla! Component Bargain Product VM3 1.0, by injecting malicious code into the 'product_id' parameter within GET requests to the 'brainy' or 'alice' views, allowing them to execute arbitrary SQL queries and extract sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20259) in Joomla OSDownloads version 1.7.4 allows attackers to execute arbitrary SQL queries via a crafted GET request to index.php, extracting sensitive database information like credentials and configuration data.

Unauthenticated attackers can exploit an SQL injection vulnerability (CVE-2017-20258) in Joomla! Component RPC Responsive Portfolio 1.6.1 by injecting malicious code through the 'id' parameter in GET requests, allowing the execution of arbitrary SQL queries and extraction of sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20257) in Joomla! Component Quiz Deluxe 3.7.4 allows attackers to execute arbitrary SQL commands and extract sensitive information via the `ajaxaction.flag_question` task using `stu_quiz_id` or `flag_quest` parameters.

CVE-2017-20256 describes an SQL injection vulnerability in Joomla Survey Force Deluxe 3.2.4 that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'invite' parameter in GET requests, enabling the extraction of sensitive database information.

An unauthenticated SQL injection vulnerability (CVE-2017-20255) in Joomla! Component JB Visa 1.0 allows attackers to execute arbitrary SQL queries by injecting malicious code via the 'visatype' parameter in GET requests to 'index.php?option=com_bookpro&view=popup', leading to the extraction of sensitive database information including credentials.

An unauthenticated attacker can exploit CVE-2017-20254, an SQL injection vulnerability in the Joomla! Component User Bench 1.0, by sending crafted HTTP GET requests to extract sensitive database information including credentials and configuration data.

An unauthenticated SQL injection vulnerability (CVE-2017-20253) in Joomla! Component My Projects 2.0 allows attackers to execute arbitrary SQL queries via the 'VerAyari' parameter, leading to the extraction of sensitive database information including credentials and system data.

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability (CVE-2017-20252) that allows unauthenticated attackers to execute arbitrary SQL commands through the `plname` parameter in crafted GET requests to `index.php?option=com_nge&view=config`, leading to the extraction of sensitive database information.

An attacker can exploit CVE-2026-55883, a Cross-site WebSocket Hijacking vulnerability in Tilt versions 0.24.0 through 0.37.3, by acquiring an unauthenticated CSRF token or bypassing Origin header checks, to establish a WebSocket connection to a network-exposed Tilt HUD and exfiltrate sensitive developer session state, Tiltfile contents, and resource statuses.

OpenMed before 1.5.2 is vulnerable to remote code execution (CVE-2026-47117) due to broad substring matching in the PII privacy-filter model loading path, allowing an unauthenticated attacker to execute arbitrary code by supplying a malicious Hugging Face model repository containing custom Transformers code.

A critical vulnerability, CVE-2026-46376, exists in FreePBX due to the use of hard-coded credentials in the User Control Panel (UCP) generic template setup process, allowing an unauthenticated, remote attacker to gain unauthorized access to user accounts and manipulate user settings if default template credentials are not immediately changed by the administrator after enabling UCP.

CVE-2026-24090 is a cryptographic issue in Qualcomm chipsets while processing partition table entries, allowing unauthorized modification of the boot flow due to missing authentication for critical functions.

CVE-2026-24089 describes a memory corruption vulnerability in processing fastboot commands with invalid input, potentially leading to arbitrary code execution on affected devices and requiring physical access to trigger.

CVE-2025-59604 is a memory corruption vulnerability due to invalid writes caused by a null pointer when running a memory copy operation, potentially leading to arbitrary code execution, as reported by Qualcomm.

A stack-based buffer overflow vulnerability (CVE-2026-10292) exists in the strcpy function of /goform/formTaskEdit in UTT HiPER 1200GW up to version 2.5.3-170306, allowing for remote code execution.

A stack-based buffer overflow vulnerability (CVE-2026-10293) exists in UTT HiPER 1200GW up to version 2.5.3-170306 due to the strcpy function in /goform/formFireWall, allowing remote exploitation via manipulation of the Profile argument.

A SQL injection vulnerability exists in code-projects Hotel and Tourism Reservation System version 1.0 due to improper sanitization of the 'tour' GET parameter in the tour.php file, potentially allowing remote attackers to execute arbitrary SQL queries.

Banana Slides version 0.4.0 contains a path traversal vulnerability (CVE-2026-49136) in the generate_image() function that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete path prefix check.

CodexBar versions prior to 0.32.0 contain a privilege escalation vulnerability (CVE-2026-49134) due to a race condition in the CLI installer's temporary file handling, allowing local attackers to execute arbitrary commands as root.

SourceCodester SEO Meta Tag Extractor 1.0 is vulnerable to server-side request forgery (SSRF) via manipulation of the 'url' argument in the get_headers function of the /index.php file, potentially allowing a remote attacker to make requests to internal or external systems.

A remote code injection vulnerability (CVE-2026-10220) exists in NousResearch hermes-agent versions up to 2026.4.30, affecting the _serve_plugin_skill/skill_view function in tools/skills_tool.py, potentially allowing attackers to inject arbitrary code.

A stack-based buffer overflow vulnerability exists in Tenda W12 version 3.0.0.7(4763) in the `set_local_time_0` function, which allows a remote attacker to execute arbitrary code by manipulating the Time argument.

CVE-2026-10178 is a remote SQL injection vulnerability in code-projects Online Music Site 1.0, affecting the /Administrator/PHP/AdminEditAlbum.php file due to manipulation of the ID argument.

CVE-2025-23167 describes a request smuggling vulnerability in Node.js 20's HTTP parser due to improper header termination, allowing attackers to bypass proxy access controls.

CVE-2026-42015 is a memory corruption vulnerability due to an off-by-one error in PKCS#12 bag handling in GnuTLS.

A stack-based buffer overflow vulnerability (CVE-2026-10123) exists in TRENDnet TEW-432BRP version 3.10B20 within the formSetDomainFilter function, allowing a remote attacker to execute arbitrary code by manipulating specific arguments in a request to /goform/formSetDomainFilter.

A stack-based buffer overflow vulnerability (CVE-2026-10125) exists in the formPPPoESetup function of the /goform/formPPPoESetup file in Edimax BR-6478AC version 1.23, allowing a remote attacker to execute arbitrary code by manipulating the pppUserName argument in a POST request; a public exploit is available.

A stack-based buffer overflow vulnerability exists in Shibby Tomato up to version 1.28 in the rip_zebra_read_ipv4 function within the /usr/sbin/ripd component (Zserv Handler), allowing a remote attacker to execute arbitrary code.

Yot CMS 3.3.1 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters in GET requests, potentially leading to database information disclosure.

Gate Pass Management System 2.1 is vulnerable to SQL injection via the login-exec.php endpoint, allowing unauthenticated attackers to bypass authentication and gain unauthorized access to the application by injecting SQL code in the login and password parameters.

MOGG web simulator Script is vulnerable to SQL injection (CVE-2018-25422), allowing unauthenticated attackers to execute arbitrary SQL commands via the id parameter in play.php, potentially leading to sensitive data extraction.

AiOPMSD Final 1.0.0 is vulnerable to SQL injection via the 'id' parameter in the watch.php script, allowing unauthenticated attackers to send crafted GET requests with SQL payloads to extract sensitive database information.

SIM-PKH version 2.4.1 is vulnerable to SQL injection (CVE-2018-25410), allowing an authenticated attacker to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter via a crafted GET request, potentially leading to database information disclosure.

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability (CVE-2018-25409) that allows authenticated attackers to upload malicious PHP files via the fupload parameter through the aksi_pengurus.php endpoint, leading to remote code execution.

Delta Sql version 1.8.2 contains an arbitrary file upload vulnerability (CVE-2018-25412) that allows unauthenticated attackers to upload malicious files via crafted POST requests, potentially leading to remote code execution.

The GEO my WP plugin for WordPress is vulnerable to SQL Injection (CVE-2026-9757) via the 'swlatlng' and 'nelatlng' parameters, allowing unauthenticated attackers to extract sensitive information from the database by injecting SQL queries into a BETWEEN clause.

CVE-2026-7459 is an authenticated account takeover vulnerability in the Simple History WordPress plugin where a subscriber-level user can read password reset emails and escalate privileges to an administrator account.

An unauthenticated user can modify existing Formie submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`, affecting versions prior to 2.2.21 and versions 3.0.0 to 3.1.26.

TRENDnet TEW-432BRP version 3.10B20 is vulnerable to a stack-based buffer overflow via manipulation of the ip/mask/gateway arguments in the formSetRoute function of the /goform/formSetRoute file, enabling remote attackers to potentially execute arbitrary code.

DreamMaker by Interinfo is vulnerable to arbitrary file read via relative path traversal, allowing unauthenticated attackers to download arbitrary system files.

A public exploit has been published for CVE-2026-44596, a vulnerability in yamcs-core where the /auth/token authentication endpoint lacks rate limiting, allowing unauthenticated remote attackers to perform unlimited password guessing attempts against any user account, fixed in version 5.12.7.

CVE-2026-42965 describes a server-side request forgery (SSRF) vulnerability in the OpenShift Router where a user with EndpointSlice write access can expose instance credentials by creating a service that proxies requests to a cloud metadata endpoint.

CVE-2026-46185 is an out-of-bounds read vulnerability in the SMB client component within the symlink_data() function, potentially leading to information disclosure or denial of service.

Microsoft published information regarding CVE-2026-46153, a vulnerability in 8021q that allows deleting cleared egress QoS mappings.

CVE-2026-46107 is a reported vulnerability in dm-thin, leading to a metadata refcount underflow.

CVE-2026-46837 is a SQL injection vulnerability in Oracle Flow Manufacturing within Oracle E-Business Suite versions 12.2.9 through 12.2.15, allowing a low-privileged attacker with network access to potentially take over the application.

CVE-2026-46835 is an easily exploitable vulnerability in Oracle Database Server's Net Service component, affecting versions 23.4.0 to 23.26.2, allowing an unauthenticated attacker with network access via TLS to cause a complete denial-of-service (DoS).

CVE-2026-46828 is an easily exploitable vulnerability in Oracle Payroll versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to perform unauthorized creation, deletion, or modification of critical payroll data, as well as gain unauthorized access to sensitive information.

CVE-2026-46827 allows a low-privileged attacker with network access via HTTP to compromise Oracle Payroll versions 12.2.3 through 12.2.15, leading to a potential system takeover.

CVE-2026-46823 is an easily exploitable vulnerability in Oracle Public Sector Financials (International) versions 12.2.6-12.2.15, allowing a low privileged attacker with network access via HTTPS to gain unauthorized access to critical data or complete access to all accessible data, potentially impacting additional products.

CVE-2026-46821 is an easily exploitable vulnerability in Oracle Financials Common Modules of Oracle E-Business Suite versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to gain unauthorized access to critical data.

CVE-2026-46820 is a vulnerability in Oracle Financials Common Modules within Oracle E-Business Suite versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to gain unauthorized access to critical data and modify some data, resulting in a confidentiality and integrity impact.

CVE-2026-46818 is a vulnerability in Oracle Payments within Oracle E-Business Suite (versions 12.2.3-12.2.15) that allows an unauthenticated attacker with network access via HTTPS to compromise the system, leading to unauthorized data access and modification.

CVE-2026-35277 is a vulnerability in Oracle REST Data Services (Core) versions 24.2.0 to 26.1.0 that allows a low-privileged attacker with network access via HTTPS to compromise the system, leading to unauthorized data access, creation, deletion, or modification.

CVE-2026-46839 is an easily exploitable vulnerability in Oracle REST Data Services versions 24.2.0 through 26.1.0, allowing a low-privileged attacker with network access via HTTPS to compromise the service, potentially impacting other products and leading to a complete takeover.

CVE-2026-46833 allows an unauthenticated attacker with network access via TLS to compromise the Net Service component of Oracle Database Server versions 23.4.0 through 23.26.2, potentially leading to takeover of the Net Service and significant impact on other products.

CVE-2026-46824 allows a low-privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue versions 12.2.3-12.2.15, potentially leading to takeover and impact on additional products.

CVE-2026-46819 is a critical vulnerability in Oracle Internet Procurement Connector versions 12.2.3-12.2.15 that allows an unauthenticated attacker with network access via HTTP to compromise the system, leading to unauthorized data access, modification, or deletion.

CVE-2026-46817 is a critical vulnerability in Oracle Payments component of Oracle E-Business Suite versions 12.2.3 through 12.2.15, allowing an unauthenticated attacker with network access via HTTP to compromise the application and potentially achieve complete takeover.

CVE-2026-46775 is a critical vulnerability in Oracle REST Data Services (Core component) versions 24.2.0-26.1.0, allowing a low-privileged attacker with network access via HTTPS to achieve complete takeover of the service and potentially impact other products.

CVE-2026-34311 allows an unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services, potentially resulting in complete takeover of the application in versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28.

phpMyFAQ before 4.1.3 is vulnerable to an unauthenticated password reset, allowing attackers to change account passwords without token validation by sending crafted PUT requests to the /api/index.php/user/password/update endpoint.

CVE-2026-8380 is a critical authorization bypass vulnerability in the WordPress Frontend File Manager plugin <= 23.6 that allows authenticated low-privilege users, or unauthenticated users with guest uploads enabled, to permanently delete arbitrary WordPress posts, pages, attachments, and custom post types.

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2, allowing attackers to create administrator accounts by injecting a custom form configuration with a spoofed role field.

CVE-2026-4408 describes a remote command execution vulnerability in Samba file servers and classic domain controllers where a misconfigured 'check password script' feature, using the %u substitution character without proper escaping, allows attackers to execute arbitrary commands.

The SlimStat Analytics plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via the User-Agent header, allowing unauthenticated attackers to inject arbitrary web scripts if the 'show_complete_user_agent_tooltip' setting is enabled.

The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF), leading to arbitrary file deletion via SQL injection and PHP object injection due to missing nonce verification and unsafe deserialization, allowing attackers to delete arbitrary files on the server.

Microsoft published CVE-2025-71305, addressing a vulnerability related to insufficient protection against zero VCPI values in DisplayPort Multi-Stream Transport (MST), although specifics on exploitation and impact are not detailed in the provided source.

CVE-2026-45843 is a Microsoft vulnerability with unspecified details at the time of this brief.

CVE-2026-45571 is a vulnerability in go-git that allows crafted repositories to modify main and submodule .git directories, potentially leading to arbitrary code execution or information disclosure.

CVE-2026-45932 is a vulnerability affecting the bpf component, related to tcx/netkit detach permissions when the prog fd isn't given, requiring a security update from Microsoft.

FUXA v1.3.0-2773 is vulnerable to unauthenticated project data disclosure (CVE-2026-47717) via the /api/project endpoint, exposing sensitive configuration data like scripts and device settings, even with security enabled.

Nx Console contained an embedded malicious code vulnerability (CVE-2026-48027) which allowed a malicious version of the extension to be published and harvest credentials from disk and memory.

IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1 are vulnerable to a denial-of-service (DoS) attack where an unauthenticated user can crash the asperahttpd service.

IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 are vulnerable to hard-coded credentials (CVE-2026-5065), potentially allowing unauthorized access and control of the application.

IBM InfoSphere Optim Test Data Fabrication versions 1.0.0 through 1.0.2.7 are susceptible to a path traversal vulnerability (CVE-2026-3366), allowing a remote attacker to send a specially crafted URL request containing 'dot dot' sequences (/../) to view arbitrary files on the system.

CVE-2026-1933 describes a vulnerability in Samba's handling of NTFS-style reparse points on read-only shares, allowing authenticated users with filesystem write permissions to modify reparse point metadata and potentially alter SMB-visible file behavior.

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 is vulnerable to CVE-2024-56462, enabling a privileged user to upload a malicious backup archive that, upon restoration, leads to unauthorized access to the underlying operating system.

The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution (CVE-2026-6169) due to the use of the BladeOne templating engine's runString() method, which allows authenticated attackers with Editor-level access or higher to execute arbitrary PHP code by injecting it into a plugin template.

The LiteSpeed Cache plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints, affecting versions up to 7.7, allowing unauthenticated attackers to inject arbitrary JavaScript into CCSS/UCSS content by bypassing IP-based access controls.

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation (CVE-2026-8787) where an authenticated attacker with Subscriber-level access can log in as any existing user, including an Administrator, by submitting that user's email address to the `acb_firebase_auth` AJAX action without proper ownership verification, leading to full account takeover.

FUXA server 1.3.0 has an unauthenticated arbitrary tag value disclosure vulnerability (CVE-2026-43946); an authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist.

A remote attacker can trigger a heap overread in libgnutls by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, potentially leading to information disclosure.

JeecgBoot up to version 3.9.1 is vulnerable to improper access control in the LoginController.selectDepart function, allowing remote attackers to bypass intended restrictions.

A SQL injection vulnerability exists in itsourcecode Student Transcript Processing System 1.0 in the `/admin/modules/class/index.php?view=view` component; the vulnerability is triggered by manipulating the `ID` argument, potentially enabling remote attackers to execute arbitrary SQL commands.

IBM Engineering Lifecycle Management 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted, potentially leading to complete system compromise.

IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 are vulnerable to an unauthenticated remote attacker who can update server property files, leading to unauthorized access to the application.

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 are vulnerable to XML external entity injection (XXE), allowing an authenticated attacker to expose sensitive information or consume memory resources.

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger a memory corruption vulnerability (CVE-2026-7452) allowing arbitrary code execution in the context of the application.

IBM HTTP Server 8.5 and 9.0 are vulnerable to remote code execution and denial of service in configurations utilizing TLS mutual authentication (client authentication).

IBM HTTP Server 8.5 and 9.0 are vulnerable to a denial-of-service (DoS) attack due to a flaw in the optional `mod_mem_cache` module that can be triggered remotely.

IBM HTTP Server versions 8.5 and 9.0 are susceptible to an invalid pointer dereference, potentially allowing a privileged, authenticated user to expose sensitive information or cause a denial of service.

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger CVE-2026-7454, a memory corruption vulnerability allowing arbitrary code execution in the context of the current process.

CVE-2026-7451 is an out-of-bounds write vulnerability in Autodesk 3ds Max that can be exploited via a maliciously crafted TIF file, potentially leading to a crash, data corruption, or arbitrary code execution.

A path traversal vulnerability (CVE-2026-9550) exists in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0, allowing remote attackers to access sensitive files by manipulating the path argument in the /SubstationWEBV2/app/..;/main/upfile component.

A stack-based buffer overflow vulnerability (CVE-2026-9481) exists in the formStats function of the /goform/formStats file in Edimax EW-7438RPn version 1.31, allowing a remote attacker to execute arbitrary code by manipulating the submit-url argument.

Edimax EW-7438RPn version 1.31 is vulnerable to a stack-based buffer overflow in the formLicence function of the /goform/formLicence file, allowing remote attackers to execute arbitrary code by manipulating the submit-url argument; a public exploit is available.

A SQL Injection vulnerability exists in itsourcecode Electronic Judging System version 1.0 in the /admin/edit_judge.php file. By manipulating the judge_id argument, an attacker could execute arbitrary SQL commands on the system. The vulnerability can be triggered remotely and has a public exploit available.

A remote code execution vulnerability exists in fraillt bitsery versions up to 5.2.4 due to improper validation of input in the `loadFromSharedState` function, potentially leading to arbitrary code execution.

A vulnerability in hemant6488 CodeIgniter-StudentManagementSystem allows remote attackers to perform improper access controls by manipulating the /index.php/students/addStudentView file, with a publicly available exploit and no vendor response.

A SQL injection vulnerability (CVE-2026-9474) exists in the StudentManagementSystem application, specifically affecting the confirm_logged_in function within the /studentdel.php file, allowing remote attackers to execute arbitrary SQL commands by manipulating the ID parameter.

Edimax EW-7438RPn version 1.31 is vulnerable to a stack-based buffer overflow (CVE-2026-9462) in the `formWpsProxyEnable` function of `/goform/formWpsProxyEnable`, triggered by manipulating the `submit-url` argument, allowing remote attackers to execute arbitrary code; a public exploit is available.

Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability (CVE-2018-25376) in the registration dialog, allowing local attackers to execute arbitrary code by overwriting the SEH chain.

CuteFTP 5.0 XP is vulnerable to a buffer overflow (CVE-2018-25366), allowing local attackers to execute arbitrary code by injecting a malicious payload into the Site Manager label field.

Twitter-Clone 1 is vulnerable to SQL injection via the userid parameter in follow.php, allowing attackers to manipulate database queries and extract sensitive information such as usernames, passwords, and database credentials.

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability (CVE-2018-25360) in the Trace Route host name field, allowing local attackers to execute arbitrary code by triggering structured exception handling.

Splinterware System Scheduler Pro 5.12 is vulnerable to privilege escalation (CVE-2018-25359) due to insecure file permissions, allowing low-privilege users to replace the service executable with a malicious one, leading to arbitrary code execution as LocalSystem.

A stack-based buffer overflow vulnerability (CVE-2026-9459) exists in the formConnectionSetting function of /goform/formConnectionSetting in Edimax EW-7438RPn 1.31, allowing a remote attacker to execute arbitrary code by manipulating the max_Conn/timeOut arguments, with a public exploit available.

A command injection vulnerability (CVE-2026-9453) exists in FoundDream miniclawd, where manipulation of the requires.bins argument in /src/application/skills-loader.ts allows remote command execution, and the exploit is publicly available.

A remote stack-based buffer overflow vulnerability (CVE-2026-9431) exists in the fromPptpUserAdd function of the /goform/PptpUserAdd file in Tenda F1202 firmware version 1.2.0.20(408), allowing unauthenticated attackers to potentially execute arbitrary code.

A stack-based buffer overflow vulnerability (CVE-2026-9430) exists in Tenda F1202 version 1.2.0.20(408) due to manipulation of the 'dips' argument in the 'formGstDhcpSetSer' function of '/goform/GstDhcpSetSerof', allowing remote code execution.

A stack-based buffer overflow vulnerability exists in Edimax EW-7438RPn version 1.31 in the formHwSet function of the /goform/formHwSet file, which can be triggered by manipulating the Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url argument, potentially leading to remote code execution.

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to remote command injection via the setOpenVpnCfg function, allowing unauthenticated attackers to execute arbitrary commands on the device.

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to command injection via the setStaticDhcpRules function in the /cgi-bin/cstecgi.cgi file, allowing remote attackers to execute arbitrary OS commands by manipulating the 'enable' argument, and a public exploit is available.

CVE-2026-42901 is an origin validation error in Microsoft Entra ID that allows an unauthorized attacker to elevate privileges over a network, potentially granting them unauthorized access and control.

CVE-2026-41104 is a critical vulnerability in Microsoft Planetary Computer Pro that allows an unauthorized attacker to disclose information over a network by deserializing untrusted data.

CVE-2026-41090 is a command injection vulnerability in Microsoft Copilot, allowing an unauthorized attacker to perform tampering over a network.

CVE-2026-40412 is a critical vulnerability in Azure Orbital Spatio that allows an unauthenticated attacker to execute arbitrary code over a network by uploading a file with a dangerous type.

CVE-2026-23652 is a critical command injection vulnerability in Microsoft Power Pages, allowing an unauthorized attacker to execute arbitrary code over the network by injecting commands.

CVE-2026-44930 is an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF that may allow an attacker to retrieve arbitrary certificates from the repository.

CVE-2026-9397 describes an improper authorization vulnerability in Besen BS20 EV Charging Station up to version 20260426, allowing remote attackers to gain unauthorized privileges via the OTA Update Installation Handler.

A remote buffer overflow vulnerability (CVE-2026-9381) exists in the `formPPPoESetup` function of the Edimax BR-6675nD 1.12 router's web management interface, allowing unauthenticated attackers to potentially execute arbitrary code by manipulating the `pppUserName` argument in a POST request.

A vulnerability in NousResearch hermes-agent up to version 2026.4.16 allows for remote exploitation of the execute_code function, leading to a sandbox escape.

NousResearch hermes-agent up to version 5157f5427f19488b31c6fdebbacd15d798ce7f63 is vulnerable to OS command injection (CVE-2026-9367) in the `detect_dangerous_command` function allowing a remote attacker to execute arbitrary commands.

A remote injection vulnerability exists in NousResearch hermes-agent 2026.4.23 within the _scan_context_content function of the agent/prompt_builder.py file, allowing attackers to inject malicious code.

A remote code injection vulnerability (CVE-2026-9353) exists in NousResearch hermes-agent up to version 2026.4.23, allowing attackers to inject malicious code by manipulating the THREAT_PATTERNS argument in the Skills Guard Multi-Word Prompt Handler component.

A missing authorization vulnerability (CVE-2026-9350) exists in NousResearch hermes-agent up to version 2026.4.16, affecting the `check_all_command_guards` function in `tools/approval.py` of the Batch Runner component, enabling remote attackers to bypass authorization checks.

SIPp 3.6 and earlier contains a local buffer overflow vulnerability (CVE-2018-25356) in command-line argument handling, allowing local attackers to potentially crash the application or execute arbitrary code by supplying oversized input to the -3pcc, -i, or -log_file parameters.

Audiograbber 1.83 contains a local buffer overflow vulnerability (CVE-2018-25355) allowing attackers to execute arbitrary code by exploiting structured exception handling mechanisms through crafted input in the Interpret or Album fields.

A buffer overflow vulnerability (CVE-2026-9294) exists in the formWanTcpipSetup function of the /goform/formWanTcpipSetup file in Edimax BR-6428NS 1.10, which can be triggered by a remote attacker manipulating the pppUserName argument via a POST request, potentially leading to arbitrary code execution.

The WishList Member plugin for WordPress is vulnerable to Missing Authorization, allowing attackers to obtain the REST API Secret Key and escalate privileges to administrator.

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints, allowing an attacker to cause a denial of service via crafted oversized HTTP requests.

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, allowing an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.

CVE-2026-1502 is a critical vulnerability in Microsoft HTTP client proxy tunnel header validation, potentially allowing for CR/LF injection attacks.

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress versions up to 3.1.65 is vulnerable to an authorization bypass (CVE-2026-9011) that allows unauthenticated attackers to retrieve the full content of non-public Dittys by exploiting the ditty_init AJAX endpoint.

CVE-2026-9018 allows unauthenticated attackers to escalate privileges to administrator by exploiting a vulnerability in the Easy Elements for Elementor plugin, which lacks proper input validation during user registration.

Network-AI is vulnerable to an unauthenticated cross-origin attack due to an empty default secret and permissive CORS configuration, allowing an attacker to lure a user to a malicious web page and invoke MCP tools like config_set, agent_spawn, and blackboard_write against a default-configured localhost server.

Open ISES Tickets before version 3.44.2 contains hardcoded MySQL database credentials in loader.php, allowing an attacker with access to the source code or the file on a deployed installation to read the username, password, and database name and use them to connect to the database (CVE-2026-48241).

Open ISES Tickets before version 3.44.2 is vulnerable to SQL injection (CVE-2026-48238) because the id GET parameter in ajax/mobile_main.php is concatenated into the WHERE clause of a SELECT statement without sanitization, allowing authenticated attackers to craft requests that can read, modify, or destroy database contents.

A public exploit is available for CVE-2026-9082, a SQL injection vulnerability in Drupal Core affecting PostgreSQL-backed sites running versions 8.0 through 11.3.9, allowing unauthenticated users to potentially achieve data exfiltration, privilege escalation, and remote code execution.

CVE-2026-5118 is a critical vulnerability in the Divi Form Builder WordPress plugin (versions 5.1.2 and earlier) that allows unauthenticated attackers to create administrator accounts directly through the registration form, leading to full site takeover.

A heap-based buffer overflow vulnerability exists in MediaArea MediaInfoLib's handling of LXF elements, potentially leading to arbitrary code execution when processing maliciously crafted media files; assigned CVE-2026-28764, CVSS 7.8.

CVE-2026-45736 is an uninitialized memory disclosure vulnerability affecting Microsoft products, potentially allowing an attacker to read sensitive information from process memory.

CVE-2026-44390 is a denial-of-service vulnerability in Microsoft products due to unbounded name compression.

Microsoft disclosed CVE-2026-42944, a heap overflow vulnerability related to the processing of multiple NSID, COOKIE, and PADDING EDNS options in an unspecified product.

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability (CVE-2026-9139) in the embedded web configuration interface, allowing unauthenticated attackers with network access to recover administrative credentials directly from client-side JavaScript and gain full administrative access to the device.

CVE-2026-41091 is a link following vulnerability in Microsoft Defender that allows an authorized attacker to escalate privileges locally.

CVE-2008-4250 is a buffer overflow vulnerability in the Microsoft Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request during path canonicalization.

Microsoft Internet Explorer is vulnerable to a use-after-free vulnerability (CVE-2010-0249) that allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object.

CVE-2026-5783 is a reflected cross-site scripting (XSS) vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus before version V24.29750.1.0, allowing attackers to inject malicious scripts into web pages viewed by users.

CVE-2026-20206 describes a command injection vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent where an authenticated remote attacker with transaction test management privileges could execute arbitrary commands within the BrowserBot container as the node user.

CVE-2026-20223: An unauthenticated, remote attacker can access Cisco Secure Workload site resources with Site Admin privileges by sending a crafted API request, due to insufficient validation and authentication of REST API endpoints.

BIND servers configured for TKEY-based authentication using GSS-API tokens are susceptible to excessive memory consumption upon receiving and processing crafted packets, impacting availability.

A race condition in ISC BIND can lead to a use-after-free vulnerability (CVE-2026-5947) when handling SIG(0) signed DNS messages, potentially leading to undefined behavior.

A use-after-free vulnerability in the DNS-over-HTTPS implementation of BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1 could allow an attacker to cause a denial of service or potentially execute arbitrary code.

The Boost plugin for WordPress is vulnerable to time-based SQL Injection (CVE-2026-9010) via the 'current_url' and 'user_name' parameters in versions up to 2.0.3, allowing unauthenticated attackers to extract sensitive information from the database due to insufficient input sanitization.

The Account Switcher plugin for WordPress is vulnerable to privilege escalation (CVE-2026-6456) due to a loose comparison and lack of validation on the `rememberLogin` REST API endpoint, allowing authenticated attackers to gain administrator privileges.

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file upload (CVE-2026-6555) due to a validation mismatch, allowing unauthenticated attackers to upload malicious PHP files leading to remote code execution.

Caddy Defender versions before v0.10.1 are vulnerable to a client IP bypass (CVE-2026-46415) when deployed behind a trusted proxy, allowing blocked clients to bypass Defender's IP-based restrictions.

The Kirki plugin for WordPress is vulnerable to arbitrary file deletion via CVE-2026-8073 due to insufficient file path validation and a missing capability check in the 'downloadZIP' function, allowing unauthenticated attackers to delete files within the WordPress uploads directory.

Windmill versions prior to 1.703.2 are vulnerable to incorrect default permissions in the nsjail sandbox configuration, allowing authenticated users to inject malicious entries into critical system files, leading to potential privilege escalation and man-in-the-middle attacks.

ZKTeco CCTV cameras are vulnerable to authentication bypass due to an undocumented configuration export port that does not require authentication and exposes critical information about the camera, such as open services and account credentials, as tracked by CVE-2026-8598.

NGINX JavaScript is vulnerable to a heap buffer overflow (CVE-2026-8711) when the js_fetch_proxy directive is configured with client-controlled variables and ngx.fetch(), allowing unauthenticated attackers to cause worker process restarts or, with ASLR disabled, code execution via crafted HTTP requests.

Funnel Builder for WooCommerce Checkout versions prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and inject malicious JavaScript, impacting checkout page visitors.

HestiaCP versions 1.2.0 through 1.9.4 are vulnerable to IP spoofing (CVE-2026-43634), allowing unauthenticated remote attackers to bypass authentication security controls by manipulating the CF-Connecting-IP HTTP header to circumvent fail2ban, bypass IP allowlists, and poison authentication logs.

The zrok Python SDK `ProxyShare` is vulnerable to server-side request forgery (SSRF) via CVE-2026-45568. When a user sends a request with an absolute URL in the path, the Flask handler passes that path to `urllib.parse.urljoin`, which replaces the configured target host with the user-supplied host, causing the proxy to send the request to an attacker-chosen URL.

HestiaCP versions 1.9.0 through 1.9.4 are vulnerable to unauthenticated remote code execution due to a deserialization flaw in the web terminal component (CVE-2026-43633), stemming from a session format mismatch between PHP and Node.js, allowing attackers to inject malicious data via HTTP headers.

A vulnerability in Keycloak's URL validation allows attackers to redirect users to unauthorized URLs by exploiting discrepancies in the handling of the user-info component within URLs, potentially leading to sensitive information exposure.

Microsoft published information regarding CVE-2026-7168, a cross-proxy Digest authentication state leak.

A heap buffer over-write vulnerability exists in ImageMagick's IPL decoder when processing multiple images of different dimensions, affecting Magick.NET packages prior to version 14.13.1 and potentially leading to arbitrary code execution.

A tampering vulnerability exists in .NET 8.0, .NET 9.0, and .NET 10.0 due to improper handling of specially crafted files, potentially allowing an attacker to write arbitrary files and directories to specific locations on a vulnerable system with limited control over the destination.

A prototype pollution vulnerability exists in the @tmlmobilidade/utils package before version 20260509.0340.15, specifically affecting the setValueAtPath() function, potentially leading to denial of service or arbitrary code execution.

A SQL injection vulnerability (CVE-2026-8785) exists in the getAllPatientDetail function of the update_info.php file in projectworlds hospital-management-system-in-php version 1.0, allowing remote attackers to execute arbitrary SQL commands via the 'appointment_no' GET parameter.

CVE-2026-8759 is a remote code execution vulnerability in xiandafu beetl up to 3.20.2, stemming from improper neutralization of special elements within the SpELFunction component, enabling remote exploitation.

Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability (CVE-2018-25323) that allows local attackers to execute arbitrary code by supplying a malicious payload via the License Name field.

Zechat 1.5 is vulnerable to SQL injection in the v parameter (CVE-2018-25339), allowing unauthenticated attackers to extract database information using time-based blind techniques.

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities, allowing attackers to inject malicious code through profile fields and POST parameters, potentially leading to information disclosure or arbitrary code execution.

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability (CVE-2018-25335) that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint, leading to potential code execution.

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability (CVE-2018-25332) allowing attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality via a malicious JAR plugin.

A deserialization vulnerability exists in h2oai's h2o-3 up to version 7402, specifically within the importBinaryModel function of the h2o-core/src/main/java/hex/Model.java file's JAR Handler component, allowing remote exploitation through manipulation.

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin is vulnerable to privilege escalation (CVE-2026-8719) due to missing capability enforcement, allowing authenticated users (Subscriber+) to invoke admin-level MCP tools and gain administrator privileges.

Fuel CMS 1.4.13 is vulnerable to blind SQL injection via the 'col' parameter in the Activity Log interface, allowing authenticated attackers to manipulate database queries and extract information through time-based delays (CVE-2021-47980).

WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability (CVE-2021-47975) that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter via a POST request to the jslm_fieldordering page, resulting in arbitrary JavaScript execution when administrators view the field ordering interface.

phpMyFAQ before 4.1.2 is vulnerable to improper restriction of excessive authentication attempts in the /admin/check endpoint, allowing unauthenticated attackers to brute-force any user's six-digit TOTP code and bypass two-factor authentication, potentially gaining full administrative access (CVE-2026-45010).

A man-in-the-middle attacker within the TI network can exploit CVE-2026-45575 in com.oviva.telematik:epa4all-client versions prior to 1.2.2 to substitute a forged discovery document and capture signed authentication material.

Marten versions up to 8.36 are vulnerable to SQL injection due to the `regConfig` parameter in full-text search APIs not being properly validated or parameterized, allowing attackers to inject arbitrary SQL commands by manipulating the `regConfig` parameter, potentially leading to information disclosure, data manipulation, or denial-of-service; version 8.36.1 addresses this vulnerability.

Open WebUI versions prior to 0.8.6 contain a vulnerability in the chat completion API that allows attackers to bypass tool restrictions by invoking any server tool with elevated privileges by supplying the correct tool_id or tool_servers parameters; this issue is tracked as CVE-2026-45350.

ApostropheCMS is vulnerable to account takeover due to a weak password recovery mechanism; the password reset flow constructs the reset URL using `req.hostname`, derived from the attacker-controlled HTTP `Host` header when `apos.baseUrl` is not explicitly configured, enabling account takeover if the victim clicks a malicious password reset link.

CVE-2025-15024 is a code injection vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc.'s Library Automation System that allows for Remote Code Inclusion in versions from v.19.5 before v.22.1.

Siemens Ruggedcom Rox is vulnerable to improper access control, allowing an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem via the web server's JSON-RPC interface, as tracked by CVE-2025-40948.

Siemens Opcenter RDnL is vulnerable to missing authentication in critical function (CVE-2026-27446), where an unauthenticated attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker, potentially leading to availability impacts and message injection.

Strapi versions prior to 5.37.0 are vulnerable to an unauthenticated boolean-oracle attack against private fields on the joined `admin_users` table, including the `resetPasswordToken` field, via the 'where' query parameter on publicly accessible content-types; extracting an admin reset token via this oracle makes full administrative account takeover possible without authentication.

CVE-2026-4031 is an authorization bypass vulnerability in the Database Backup for WordPress plugin (<= 2.5.2) that allows unauthenticated attackers to intercept database backup files by manipulating the backup directory via the wp_db_temp_dir parameter, leading to sensitive information exposure.

The Database Backup for WordPress plugin before 2.5.3 is vulnerable to unauthenticated arbitrary file read and deletion due to improper authorization checks and user-controlled backup directories, leading to sensitive information exposure and potential site takeover on WordPress Multisite environments.

The Database Backup for WordPress plugin up to version 2.5.2 is vulnerable to unauthorized database export due to improper authorization enforcement, allowing unauthenticated attackers to export database tables in WordPress Multisite environments.

APPYAP Technology and Information Inc.'s Yaay Social Media App, versions 3.8.0 through 24102025, contains an authorization bypass vulnerability (CVE-2025-12008) that allows unauthorized access to functionality due to improperly constrained access control lists (ACLs).

CVE-2026-2347 describes an authorization bypass vulnerability through a user-controlled key in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website before version 4.5.001, which could lead to session hijacking.

CVE-2025-11024 is a critical SQL injection vulnerability affecting Akilli Commerce Software Technologies Ltd. Co.'s E-Commerce Website before version 4.5.001, allowing for blind SQL injection.

The InfusedWoo Pro plugin for WordPress is vulnerable to arbitrary file read in versions up to 5.1.2, allowing unauthenticated attackers to make web requests to arbitrary locations, potentially querying and modifying information from internal services.

The InfusedWoo Pro plugin for WordPress is vulnerable to an authorization bypass (CVE-2026-6512) in versions up to 5.1.2, allowing unauthenticated attackers to delete posts, pages, products, orders, comments, and change post statuses.

CVE-2026-6282 describes a potential improper file path validation vulnerability in Lenovo Personal Cloud Storage devices, allowing a remote authenticated user to move or access files belonging to other users.

NGINX Plus and NGINX Open Source are vulnerable to a heap buffer overflow (CVE-2026-42945) due to crafted HTTP requests when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed PCRE capture with a replacement string that includes a question mark, potentially leading to denial of service or code execution.

CVE-2026-42920 describes a vulnerability where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server.

CVE-2026-42406 allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects in F5 BIG-IP and BIG-IQ systems, leading to arbitrary command execution.

CVE-2026-41227 describes a vulnerability in an F5 Networks product where undisclosed traffic on an HTTP/2 virtual server with Layer 7 DoS Protection enabled can lead to increased memory consumption and termination of the Traffic Management Microkernel (TMM) process.

CVE-2026-41218 describes a vulnerability in F5 BIG-IP PEM iRules where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, leading to a denial-of-service condition.

CVE-2026-41217 is a vulnerability in an undisclosed F5 BIG-IP TMOS Shell (tmsh) command that allows an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges, potentially crossing a security boundary in Appliance mode deployments.

CVE-2026-40629 describes a vulnerability in F5 Networks products where, when SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections, leading to a denial of service.

CVE-2026-40618 describes a vulnerability in F5 BIG-IP Virtual Edition (VE) where specific traffic can cause the Traffic Management Microkernel (TMM) to terminate when an SSL profile is configured without Intel QuickAssist Technology (QAT) or with crypto.hwacceleration disabled, potentially leading to a denial-of-service.

CVE-2026-40423 describes a vulnerability in F5 Networks products where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a SIP profile is configured on a virtual server, leading to a denial-of-service condition.

CVE-2026-40061 is a vulnerability in F5 BIG-IP DNS that allows an authenticated attacker with Resource Administrator or Administrator privileges to execute arbitrary system commands with elevated privileges via undisclosed iControl REST and TMOS Shell (tmsh) commands, potentially crossing security boundaries in Appliance mode deployments.

CVE-2026-39459 describes a vulnerability in F5's iControl REST and TMOS Shell (tmsh) where a privileged, authenticated attacker with at least the Manager role can execute arbitrary commands by creating malicious configuration objects.

CVE-2026-39455 describes a denial-of-service vulnerability in the BIG-IP Configuration utility when configured with LDAP authentication, where undisclosed traffic can cause the httpd process to exhaust file descriptors.

CVE-2026-34176 is an authenticated remote command injection vulnerability in an undisclosed iControl REST endpoint when running in Appliance mode, allowing an attacker to cross a security boundary.

CVE-2026-32643 describes a vulnerability in F5 BIG-IP and BIG-IQ systems that allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects, leading to arbitrary command execution.

CVE-2026-20916 describes a vulnerability in F5 BIG-IQ where an authenticated user with low privileges can create or modify arbitrary files via an undisclosed iControl REST endpoint, potentially leading to privilege escalation or system compromise.

Huawei HG630 V2 router contains an authentication bypass vulnerability (CVE-2020-37220) that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number via the `/api/system/deviceinfo` endpoint and using the last 8 characters as the default password.

CVE-2026-41225 allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects in F5 iControl REST, leading to arbitrary command execution.

Systempay 1.0 contains a weak cryptographic implementation vulnerability (CVE-2020-37168) allowing attackers to brute-force the production secret key, forge payment signatures, and manipulate transaction amounts.

CVE-2026-0259 allows a low-privileged user to read sensitive information and delete arbitrary files on Palo Alto Networks WildFire WF-500 and WF-500-B appliances running in the default non-FIPS configuration.

CVE-2026-0264 is a heap-based buffer overflow vulnerability in Palo Alto Networks PAN-OS DNS proxy and DNS server features, allowing an unauthenticated attacker with network access to cause denial of service or potentially execute arbitrary code by sending crafted network traffic.

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS allows a malicious authenticated administrator to inject a JavaScript payload via the web interface, potentially impacting other administrators.

CVE-2026-0261 describes multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software that allow an authenticated administrator to bypass system restrictions and execute arbitrary commands as root.

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database, potentially leading to sensitive data exposure, data modification, and privilege escalation.

CVE-2026-0241 describes multiple incorrect authorization vulnerabilities in Palo Alto Networks Trust Protection Foundation that allow attackers to bypass access controls and perform unauthorized actions on restricted resources.

A local privilege escalation vulnerability exists in Palo Alto Networks Prisma Access Agent versions prior to 26.2.1 on Linux, macOS, and Windows, allowing a locally authenticated non-administrative user to gain root or NT AUTHORITY\SYSTEM privileges and execute arbitrary code.

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection (CVE-2026-7635), allowing unauthenticated attackers to inject a crafted PHP serialized payload via the User-Agent header, leading to a persistent Denial of Service condition.

CVE-2026-43894 is a vulnerability related to jq involving a wild stack write via signed-integer overflow in the decNumber D2U() macro.

Heym before 0.0.21 contains an authorization bypass vulnerability (CVE-2026-45226) that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs, leading to exposure of outputs and unintended side effects.

Wing FTP Server 8.1.2 contains an authenticated remote code execution vulnerability (CVE-2026-44403) in the session serialization mechanism, allowing administrators to inject arbitrary Lua code and achieve remote code execution.

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are susceptible to an uncontrolled resource consumption vulnerability, potentially leading to a denial-of-service condition by exhausting system resources.

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 and earlier are vulnerable to a denial-of-service due to a dependency on a vulnerable third-party component, which an attacker can exploit to crash the application without user interaction.

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-34650) that allows an unauthenticated attacker to cause a denial-of-service condition by exhausting system resources.

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2026-34645) that could allow an attacker to bypass security measures and gain unauthorized write access without user interaction.

Adobe Substance3D Designer versions 15.1.0 and earlier are susceptible to an out-of-bounds write vulnerability (CVE-2026-34682) that can lead to arbitrary code execution if a user opens a specially crafted malicious file.

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability (CVE-2026-34660) that could lead to arbitrary code execution through malicious script injection, requiring user interaction.

CVE-2026-40410 is a use-after-free vulnerability in the Windows SMB Client that allows an authorized attacker to elevate privileges locally.

CVE-2026-42893 is a command injection vulnerability in M365 Copilot that allows an unauthorized attacker to perform tampering over a network.

CVE-2026-42831 is a heap-based buffer overflow vulnerability in Microsoft Office, allowing a local attacker to execute arbitrary code with a CVSS score of 7.8.

CVE-2026-42825 is a use-after-free vulnerability in the Windows Telephony Service that allows an authorized, local attacker to elevate privileges.

CVE-2026-41611 is a cross-site scripting (XSS) vulnerability in Visual Studio Code that allows an attacker to execute code locally due to improper neutralization of script-related HTML tags.

CVE-2026-41109 describes an improper neutralization of special elements in output used by a downstream component ('injection') vulnerability in GitHub Copilot and Visual Studio, allowing an unauthorized attacker to bypass a security feature over a network.

CVE-2026-41101 is a vulnerability in Microsoft Office Word due to improper access control, which allows an authorized attacker to perform spoofing locally, with a CVSS v3.1 base score of 7.1.

CVE-2026-41094 is a code injection vulnerability in Microsoft Data Formulator, allowing an unauthorized attacker to execute arbitrary code over a network.

CVE-2026-41088 is a vulnerability in Windows Ancillary Function Driver for WinSock that allows an authorized attacker to elevate privileges locally due to external control of file name or path.

CVE-2026-40418 is a use-after-free vulnerability in Microsoft Office Click-To-Run that allows an authorized attacker to elevate privileges locally.

CVE-2026-40417 is a privilege escalation vulnerability affecting Microsoft Dynamics Business Central due to weak authentication, allowing an authorized attacker to elevate privileges locally.

A null pointer dereference vulnerability exists in Windows TCP/IP, allowing an unauthorized attacker on an adjacent network to cause a denial-of-service condition.

CVE-2026-40413 is a null pointer dereference vulnerability in Windows TCP/IP that allows an unauthenticated attacker on an adjacent network to cause a denial-of-service condition.

CVE-2026-40408 is a use-after-free vulnerability in Windows Kernel-Mode Drivers, enabling a locally authenticated attacker to elevate privileges.