CVE-2026-50206 VPN Command Injection Vulnerability

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

CVE-2026-50206

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

CVE-2026-50206

CVE-2026-50206 affects VPN network profile handling where special characters in config files are not safely processed, enabling command injection. Root cause: improper sanitization or parsing of config entries leads to execution of injected commands when reading malicious config files. Documented...

CVE-2026-50205

CVE-2026-50205 describes a vulnerability where system log files output unencrypted SMTP server authentication passwords along with sensitive employee identifiers. The brief does not specify affected products, vendors, or versions. Impact is stated as high confidentiality exposure (log leakage of ...

Stored Cross-Site Scripting (XSS) via uploaded files served inline in FileField and ImageField

More info at https://github.com/EasyCorp/EasyAdminBundle/security/advisories/GHSA-8559-gwj3-q37r...

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...

Adobe ColdFusion - Arbitrary File Read

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary...

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

SUSE CVE-2022-46295

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

PT-2026-46111

Name of the Vulnerable Software and Affected Versions SP Project & Document Manager versions prior to 4.72 Description Unauthorized access is possible due to a missing capability check in the view file function. Unauthenticated attackers can read file metadata and obtain download links for...

CVE-2026-36180

CVE-2026-36180 affects GNCC GP5 v7.1.76. The issue is a lack of runtime integrity that lets physically-proximate attackers bypass read-only protections via a bind-mount attack, enabling modification of system files and binaries for the duration of a boot session. Documents consistently describe t...

PT-2026-46394

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.221 Description A path traversal issue allows attackers to escape the workspace boundary by providing symlinks that resolve to files or directories outside the designated workspace root. By exploiting the...

PT-2026-46159

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

PT-2026-46210

Joomla com jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field 2 parameter to delete...

PT-2026-46211

Mobatek MobaXterm 12.1 contains a structured exception handling SEH based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

EUVD-2026-34202

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...