IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

CVE-2026-10725

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

CVE-2026-10725

creationtimestamp| type| source ---|---|--- 2026-06-06 10:16:19+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnmgcrwzlv2y...

CVE-2026-11406 GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2026-10725

Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...

CVE-2026-8839

creationtimestamp| type| source ---|---|--- 2026-06-06 09:04:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnmccb2drp2v...

CVE-2026-9016

creationtimestamp| type| source ---|---|--- 2026-06-06 08:49:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnmbhfnw6f2n...

CVE-2026-8611

creationtimestamp| type| source ---|---|--- 2026-06-06 08:40:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnmawrkz5b2d...

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for...

Exploit for Heap-based Buffer Overflow in Mediatek Mt6890_Firmware

CVE-2026-20452 — MediaTek WLAN AP Heap Overflow PoC Proof of...

CVE-2024-52011 vulnerabilities

Vulnerabilities for packages: langfuse, langfuse-fips...

CVE-2026-48961

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

CVE-2026-36785

creationtimestamp| type| source ---|---|--- 2026-06-06 06:35:21+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116701770935130535...

BELL-CVE-2026-46272

Bulletin has no description...

BELL-CVE-2026-46270

Bulletin has no description...

BELL-CVE-2026-46263

Bulletin has no description...

BELL-CVE-2026-46269 CVE-2026-46269 does not affect BellSoft software

Bulletin has no description...

BELL-CVE-2026-46265

Bulletin has no description...