CVE-2026-12020

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

ExploitOracle

No d...

-cybersec-bad-folio

cy...

BIT-MILVUS-2026-10814 milvus-io milvus Grantee ID Hash kv_catalog.go weak hash

A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kvcatalog.go of the component Grantee ID Hash Handler. The manipulation leads to use of weak hash. The attack needs to be performed locally. The...

threat_detection

No d...

EUVD-2026-36236

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that...

SUSE CVE-2026-49219

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

overflow_exploit_framework

kernel-research — Framework CVE overflow Usage éducatif uni...

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

ROS-20260611-73-0013

The vulnerability of the GlyphAlloc function in the RDP client of FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

PT-2026-48767

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.115 Description A use after free issue in the Autofill component on Mac allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a pointer after it...

PT-2026-48786

Name of the Vulnerable Software and Affected Versions Tapo C110 v2 Description A format string injection exists in the ONVIF service due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, allowing for the manipulation of stack memory,...

PT-2026-48717

Name of the Vulnerable Software and Affected Versions PenguinMod-BackendApi versions prior to 1.0.0 Description A NoSQL injection—a method of attacking non-relational databases by manipulating queries—exists in the password reset endpoint. This allows an authenticated user with a registered accou...

Linux Distros Unpatched Vulnerability : CVE-2026-11774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packe...

CVE-2026-47975

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVE-2026-44801

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVE-2026-42987

Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network...

CVE-2026-42909

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...