EUVD-2026-34866

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

EUVD-2026-34867

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-47009

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

PT-2026-46957

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

PT-2026-47010

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

Ericsson Packet Core Controller 安全漏洞

Ericsson Packet Core Controller is a packet core controller developed by the Swedish company Ericsson. Versions of Ericsson Packet Core Controller prior to version 1.39 contained security vulnerabilities; these vulnerabilities could lead to service degradation due to the sending of large numbers ...

CVE-2026-36500

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request...

CVE-2026-36500

The CVE-2026-36500 vulnerability affects the cluster-admin:backup-datastore component of Controller v12.0.5, where a crafted request can trigger a directory traversal. This is described across multiple sources (NVD/CVE listings, AttackersKB, CVE list, EUVD) as a vulnerability in that component, w...

CVE-2026-36501

An issue in the Externalizable.readExternal component of Controller v12.0.5 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-36501

CVE-2026-36501 affects Controller v12.0.5 in the Externalizable.readExternal() component. The issue allows an attacker to trigger a Denial of Service by supplying a crafted input, as described across multiple sources (Red Hat, NVD, CVE lists, and vendor/third-party references). No exploitation de...

Arcadia Crafty Controller 安全漏洞

Arcadia Crafty Controller is a server management panel developed under the open-source Crafty Controller project. There is a security vulnerability in Arcadia Crafty Controller. This vulnerability stems from a lack of resilience to unexpected messages from connection switches, which may lead to...

Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 ██████╗██╗ ██╗███████╗ ██╗ ██╗ ██╗...

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

PT-2026-46231

Name of the Vulnerable Software and Affected Versions Progress ADC affected versions not specified Description An OS Command Injection flaw in the API of Progress ADC products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance. This issue is caused by...