6933 matches found

CVE
added yesterday, 6 views

CVE-2026-10808

The CVE-2026-10808 entry concerns itsourcecode Fees Management System 1.0. A SQL injection vulnerability exists in the /manage_student.php script, triggered by manipulating the ID parameter. This affects an unknown function within that file. The issue allows remote exploitation, and a public expl...

CVSS 6.5 | AI score 6.5
Exploits 0 | References 6

Nuclei
added yesterday, 35 views

L-Soft LISTSERV 16.5 - Cross-Site Scripting

The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. id: CVE-2023-27641 info: name: L-Soft LISTSERV 16.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The REPORT after z but...

CVSS 6.1 | AI score 6.4 | EPSS 0.04716
Exploits 1 | References 2

Nuclei
added yesterday, 19 views

Joomla! Component OrgChart 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1878 info: name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion author:...

CVSS 7.5 | AI score 5.9 | EPSS 0.02693
Exploits 1 | References 5

Tenable Nessus
added yesterday, 3 views

Photon OS 5.0: Expat PHSA-2026-5.0-0862

An update of the expat package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0862. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00011
Exploits 1 | References 2

Positive Technologies
added yesterday, 6 views

PT-2026-46381

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 | AI score 5.9 | EPSS 0.00127
Exploits 0 | References 1

Schneier on Security
added 3 days ago, 8 views

Microsoft Threatening Security Researcher

An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows--including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and...

AI score 5.7
Exploits 0

Information Security Automation
added 3 days ago, 6 views

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities (474 in the Linux kernel). For comparison, in April there were 1,035 vulnerabilities (a record!). And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

CVSS 9.8 | AI score 7.8 | EPSS 0.43539
Exploits 328

Nuclei
added 3 days ago, 15 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

CVSS 9.8 | AI score 7.3 | EPSS 0.92992
Exploits 1 | References 5

Tenable Nessus
added 3 days ago, 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

AI score 5.8
Exploits 0 | References 3

GithubExploit
added 4 days ago, 51 views

cve-arsenal

cve-arse...

AI score 5.8
Exploits 0

Nuclei
added 4 days ago, 72 views

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

CVSS 9.8 | AI score 7.8 | EPSS 0.94379
Exploits 4 | References 5

GithubExploit
added last week, 86 views

Y2X

Y2eXploit Y2X --- Overview Y2eXploit Y2X is an a...

AI score 5.9
Exploits 0

OSV
added 2026/05/27 7:38 p.m., 5 views

GHSA-MXFR-6HCW-J9RQ Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...

CVSS 9.8 | AI score 6.6 | EPSS 0.00079
Exploits 0 | References 2

GithubExploit
added 2026/05/27 7:26 a.m., 57 views

Exploit-Framework

Exploit Framework !License: MIThttps://img.shields.io/bad...

AI score 6.1
Exploits 0

GithubExploit
added 2026/05/25 1:12 a.m., 113 views

exploits

Exploits Exploits and proof-of-concept code from the team at...

CVSS 10 | AI score 7.9 | EPSS 0.94464
Exploits 182

GithubExploit
added 2026/05/23 6:40 p.m., 50 views

exploits

exploits CVE explai...

AI score 5.8
Exploits 0

GithubExploit
added 2026/05/23 6:27 p.m., 37 views

icg-hackathon-api-server-exploits

No d...

AI score 5.8
Exploits 0

GithubExploit
added 2026/05/21 7:33 p.m., 69 views

lpe-toolkit

Linux LPE Toolkit Multi-architecture privilege escalation too...

CVSS 8.8 | AI score 7.1 | EPSS 0.85264
Exploits 155

Malwarebytes
added 2026/05/21 5:36 p.m., 7 views

Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities are being actively exploited in the wild. On May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog tracks...

CVSS 7.8 | AI score 5.8 | EPSS 0.08013
Exploits 2

Microsoft Secure
added 2026/05/20 4:0 p.m., 5 views

Securing the gaming culture of cultures

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

AI score 5.7
Exploits 0