18 matches found
CVE-2026-5370
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross-site scripting. Remote exploitation of the...
CVE-2026-5316
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setupfree of the file stbvorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor...
PT-2026-28667
Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47 Description: A flaw exists in the Tenda AC5 version 15.03.06.47. This issue is located within the formSetCfm function of the /goform/setcfm file, part of the POST Request Handler component. Manipulation of the...
Chromium: CVE-2026-2441 Use after free in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild...
EUVD-2026-5775
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420618 of the file /goform/setupnp. This manipulation of the argument upnpenable causes OS command injection. Remote exploitation of the attack is possible. The exploit has been made available to...
Exploit for CVE-2026-24841
No d...
OPENSUSE-SU-2025:20161-1 Security update for chromium
This update for chromium fixes the following issues: - Chromium 143.0.7499.109 boo1254776: CVE-2025-14372: Use after free in Password Manager; CVE-2025-14373: Inappropriate implementation in Toolbar; third issue with an exploit is known to exist in the wild...
PT-2025-41334
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A stack-based buffer overflow exists in Tenda AC7 routers. The issue is located in an unknown function within the /goform/saveAutoQos file. Exploitation occurs through manipulation of the enable...
CVE-2025-9417
A weakness has been identified in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made...
CVE-2025-53770
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...
CVE-2021-30869
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute...
Linux Distros Unpatched Vulnerability : CVE-2023-5520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. (CVE-2023-5520) Note that Nessus relies on the presence of the package as reported by the vendor...
Linux Distros Unpatched Vulnerability : CVE-2023-5441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441) Note that Nessus relies on the presence o...
Linux Distros Unpatched Vulnerability : CVE-2020-11763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. (CVE-2020-11763) Not...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. A malicious party could exploit the vulnerability to cause a buffer overflow and thereby potentially execute arbitrary code with privileges of the victim, or possibly gain access to sensitive data in the context of the browser. Google states that it is...
PT-2024-21274 · Unknown · Mqtt Stack
The MQTT stack is susceptible to an unauthenticated remote attack due to improper input validation, allowing an attacker to write memory out of bounds. The brute force attack is not always successful because of memory randomization. An exploit for this issue may exist, with potential links to the...
Vulnerabilities fixed in ConnectWise ScreenConnect
ConnectWise has fixed vulnerabilities in ScreenConnect. An unauthenticated malicious person could exploit the vulnerabilities to create a new administrator account. An exploit is available that makes the chance of exploitation significant. At this time no CVEs have yet been assigned to the...
PT-2023-6945 · Microsoft · Windows Search Service +5
Name of the Vulnerable Software and Affected Versions: Windows Search Service versions prior to the fixed version Description: The issue is related to synchronization errors when using a shared resource, specifically a "race condition" situation. This can allow an attacker to elevate their...