CVE-2026-25134 Group-Office Argument Injection in MaintenanceController::actionZipLanguage
Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang parameter and passes it directly to a system zip command via exec. This can be combined with uploadi...
GHSA-GX3X-VQ4P-MHHV cert-manager-controller DoS via Specially Crafted DNS Response
Impact: The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...
GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...
kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling
A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface (HCI) event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the...
CVE-2022-50980
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50980
CVE-2022-50980 affects Innomic VibroLine VLX and avibia AVLX devices. Affected component is the CAN bus configuration handling, where an unauthenticated adjacent attacker can switch between multiple configuration presets, potentially disrupting operations. The root cause is unauthenticated access...
CVE-2022-50980 Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
EUVD-2022-55957
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
WordPress Geo Controller plugin <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution vulnerability
Missing Authorization to Unauthenticated Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Geo Controller versions <= 8.6.9...
CVE-2026-1734
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...
PT-2026-5725
Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.150; Group-Office versions prior to 25.0.82; Group-Office versions prior to 26.0.5. Description: Group-Office is a customer relationship management and groupware tool. The MaintenanceController includes a...
Innomic VibroLine Series Access Control Error Vulnerability
The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has an access control vulnerability, which arises because unauthenticated adjacent attackers may switch between multip...
PT-2026-5667
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2026-1734
CVE-2026-1734 affects Zhong Bang CRMEB up to 5.6.3, specifically the crontab Endpoint’s CrontabController.php. The root cause is missing authorization in the crontab endpoint, enabling remote exploitation. Public PoC/exploit information appears in the entry and related sources, indicating real-wo...
CVE-2026-1734 Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...
EUVD-2026-5107
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The...