219127 matches found

Positive Technologies
added 2026/06/02 12:0 a.m. | 10 views

PT-2026-45789

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

AI score 5.8 | EPSS 0.00138
Exploits 0 | References 2
Positive Technologies
added 2026/06/02 12:0 a.m. | 11 views

PT-2026-45743

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

CVSS 8.1 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 2
CNNVD
added 2026/06/02 12:0 a.m. | 5 views

Devolutions Server security vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.19 contained security vulnerabilities, which stemmed from improper access...

CVSS 5.4 | AI score 5.3 | EPSS 0.00138
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m. | 3 views

WordPress plugin EventPrime security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5 | AI score 5.5 | EPSS 0.00202
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m. | 3 views

WordPress plugin Thim Core security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.5 | EPSS 0.00243
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m. | 2 views

Apache Kafka security vulnerability

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond instantly to changes in data streams. There is a security...

CVSS 4.3 | AI score 5.4 | EPSS 0.00454
Exploits 0 | References 2
CNNVD
added 2026/06/02 12:0 a.m. | 4 views

Devolutions Server security vulnerability

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.19 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 5.3 | AI score 5.4 | EPSS 0.00184
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m. | 2 views

NamelessMC security vulnerability

NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability. This vulnerability arises from the getquotes.php script, which onl...

CVSS 7.1 | AI score 5.4 | EPSS 0.00225
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m. | 4 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the Extensions component’s policies, which could allow attackers to bypass access...

CVSS 6.5 | AI score 5.6 | EPSS 0.00234
Exploits 0 | References 3
CNNVD
added 2026/06/02 12:0 a.m. | 3 views

Klaw access control error vulnerability

Klaw is an open-source operating system tool developed by Aiven Open. Versions of Klaw prior to 2.10.4 contained a vulnerability related to access control, which could lead to password hash leaks due to improper access control practices...

CVSS 6.9 | AI score 5.3 | EPSS 0.00249
Exploits 0 | References 2
CNNVD
added 2026/06/02 12:0 a.m. | 3 views

Dell ThinOS 10 access control error vulnerability

Dell ThinOS 10 is an operating system developed by the American company Dell. Versions prior to Dell ThinOS 10 260210.0765 contained a vulnerability related to access control. This vulnerability stemmed from improper access control mechanisms, which could allow low-privilege attackers with local...

CVSS 7.8 | AI score 5.3 | EPSS 0.001
Exploits 0 | References 1
CNNVD
added 2026/06/02 12:0 a.m. | 3 views

Progress Sitefinity access control error vulnerability

Progress Sitefinity is an open-source platform developed by the American company Progress, used for building corporate websites and internal networks. Versions of Progress Sitefinity from 15.4.8623 to 15.4.8630 contained a vulnerability related to access control. This vulnerability stemmed from...

CVSS 9.8 | AI score 5.4 | EPSS 0.00367
Exploits 0 | References 1
NVD
added 2026/06/01 11:16 p.m. | 11 views

CVE-2026-25259

Memory corruption while processing multiple IOCTL command for escape operations...

CVSS 7.8 | EPSS 0.0007
Exploits 0 | References 1
NVD
added 2026/06/01 11:16 p.m. | 8 views

CVE-2026-25258

Memory corruption while processing IOCTL calls for escape operations...

CVSS 7.8 | EPSS 0.0007
Exploits 0 | References 1
CVE
added 2026/06/01 10:45 p.m. | 12 views

CVE-2026-10299

The CVE affects code-projects Online Hospital Management System 1.0. A flaw in viewdoctortimings.php allows manipulation of the delid parameter, leading to improper control of resource identifiers (an IDOR-like issue) that can be exploited remotely. The exploit is publicly available. The descript...

CVSS 5.1 | AI score 5.6 | EPSS 0.00459
Exploits 0 | References 6
ATTACKERKB
added 2026/06/01 10:45 p.m. | 7 views

CVE-2026-10299

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The...

CVSS 5.1 | AI score 5.6 | EPSS 0.00459
Exploits 0 | References 6 | Affected Software 1
CVE
added 2026/06/01 10:5 p.m. | 22 views

CVE-2026-25259

CVE-2026-25259 describes memory corruption that occurs while processing multiple IOCTL commands for escape operations. The issue is characterized as a local attack with low privileges required and no user interaction, with potential high impact to confidentiality, integrity, and availability per ...

CVSS 7.8 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/06/01 10:5 p.m. | 28 views

CVE-2026-25258 Out-of-bounds Read in DSP Service

Memory corruption while processing IOCTL calls for escape operations...

CVSS 7.8 | EPSS 0.0007
Exploits 0 | References 1
Vulnrichment
added 2026/06/01 10:5 p.m. | 7 views

CVE-2026-25258 Out-of-bounds Read in DSP Service

Memory corruption while processing IOCTL calls for escape operations...

CVSS 7.8 | AI score 5.8 | EPSS 0.0007
Exploits 0 | References 1
CVE
added 2026/06/01 10:5 p.m. | 16 views

CVE-2025-59610

CVE-2025-59610 represents a memory corruption vulnerability that occurs when processing IOCTL requests with mismatched API versions, caused by concurrent modification of a user-space buffer. The CVSS 3.1 vector (L/H/C/I/A) indicates a Local, High complexity, High privileges required, no user inte...

CVSS 6.4 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 1 | Affected Software 1