CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

CVE-2023-43686

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...

PT-2026-47530

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Container affected versions not specified Description An unauthenticated attacker can craft a malicious HTTP logon request that manipulates file inclusion parameters. This enables path traversal, which...

ROS-20260609-73-0025

The vulnerability of the Graphics component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

ROS-20260609-73-0026

Vulnerability of Audio/Video components: Mozilla Firefox, Firefox ESR, and Thunderbird’s email client use web codecs. This vulnerability is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

ROS-20260609-73-0021

The vulnerability of the Canvas2D component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient testing for unusual or exceptional states. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

ROS-20260608-73-0018

The vulnerability of the Microsoft Visual Studio software development tool and the .NET software platform is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

ROS-20260608-73-0027

The vulnerability of the .NET software platform is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-6242

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVE-2026-2812

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This...

CVE-2026-9509

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

CVE-2026-35676

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

PT-2026-47079

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...