CVE-2026-49959

Hermes WebUI prior to 0.51.311 is affected by a remote code execution vulnerability. Authenticated attackers can trigger arbitrary commands by placing a malicious executable Git configuration in a workspace repo’s .git/config. The issue arises from Git subprocess invocations in api/workspace_git....

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963 , the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution RCE o...

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem...

Exploit for CVE-2017-20251

CVE-2017-20251: Insert PHP Plugin PHP Code Injection Vulne...

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLDINSERTLIBRARIES...

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24180

CVE-2026-24180 affects NVIDIA DALI. The bulletin and CVE list describe a heap-based buffer overflow in a DALI component that could enable code execution, data tampering, denial of service, and information disclosure. Affected versions are 0.0–2.0, with the security update addressing this issue in...

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

CVE-2026-24181

CVE-2026-24181 affects NVIDIA DALI. The issue is due to improper index validation in a component, enabling a local attacker with low privileges and user interaction to potentially cause code execution, data tampering, DoS, or information disclosure. NVIDIA’s security bulletin confirms the vulnera...

Vulnerabilities found in Ivanti Sentry

Ivanti has identified two vulnerabilities in Sentry. The first vulnerability is rated by Ivanti with a CVSS score of 10. An unauthorized malicious actor can execute arbitrary code with root privileges through this vulnerability. The second vulnerability is rated with a CVSS score of 9.9. This...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVE-2026-45447

OpenSSL CVE-2026-45447: A use-after-free in PKCS7_verify() can occur when processing PKCS#7/S-MIME SignedData with an empty digestAlgorithms ASN.1 SET, causing the caller-owned BIO to be freed incorrectly and potentially leading to a crash, heap corruption, or remote code execution. Affected: Ope...

CVE-2026-0414 Arbitrary Code Execution vulnerability exists in RBE970

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0414 Arbitrary Code Execution vulnerability exists in RBE970

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

CVE-2026-0414

NETGEAR RBE970 has a CVE-2026-0414 vulnerability described as an insuff icient input validation that lets authenticated administrators on the local network make unauthorized modifications to router software and functionality. Affected product: NETGEAR RBE970. Impact: modification of software and ...

CVE-2026-9213 Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device...

CVE-2026-9213

CVE-2026-9213 affects NETGEAR gaming routers. The issue stems from insufficient input validation, enabling an attacker who can intercept traffic between the router and the Internet to execute code on the device. Documented impact includes high confidentiality and integrity impact with network-exp...