CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

EUVD-2026-10836

In MMDATAIND of cnNrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting XSS vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

CVE-2026-0110

In MMDATAIND of cnNrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0110

In MMDATAIND of cnNrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0110

In MMDATAIND of cnNrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

GO-2026-4631 PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab

PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab...

CVE-2026-23239

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...

CVE-2026-23239 espintcp: Fix race condition in espintcp_close()

In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

SUSE CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from memory corruption in the usimSendMCCMNCIndMsg function, leading to out-of-bounds writes and potentially allowing for elevation of physical permissions...

ROS-20260310-73-0039

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type conversion errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

EUVD-2025-208453

A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/startwindows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUISECRETKEY leads to insufficiently random values. It is possible to launch the attack...

CVE-2025-15603

...

CVE-2025-15603

...

CVE-2025-15603

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor explains: "The 't0p-s3cr3t' default was dead code on every supported startup path: start.sh, startwindows.ba...

CVE-2026-3748

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...

CVE-2026-3725

A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a manipulation of th...