CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

MeteoBridge <= 6.1 - Remote Code Execution

The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote...

CVE-2026-11748

The CVE affects centraldogma-server-auth-shiro

EUVD-2026-38200

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

EUVD-2026-38198

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

EUVD-2026-38196

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

EUVD-2026-38195

A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz5in1redirect of the file /goform/wiz5in1redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is...

CVE-2026-12822

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVE-2026-12815

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

PT-2026-51281

Name of the Vulnerable Software and Affected Versions Apache Doris MCP Server versions prior to 0.6.1 Description A SQL injection exists in a metadata query path where a user-controlled database name is directly interpolated into a SQL query. The query is executed without the caller's authorizati...

PT-2026-51371

Name of the Vulnerable Software and Affected Versions TP-Link routers affected versions not specified Description Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...

EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

PT-2026-51293

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple core controllers and model capture paths accept client-controlled request fields, including primary keys id and ownership or scope foreign keys such as event id, org id, user id, sharin...

PT-2026-51375

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with remote access to potentially gain unauthoriz...

PT-2026-51283

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.2.0 through 2.9.0 Description Improper escaping of database table names in the CaptureChangeMySQL Processor allows for the injection of SQL commands through crafted naming. This issue affects installations utilizing the...

Linux Distros Unpatched Vulnerability : CVE-2026-50269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker- controlled input included into multipart/payload...

CVE-2026-12822 langflow-ai langflow Bundle URL Loader code injection

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVE-2026-12822

Langflow AI (langflow) up to v1.9.3 is affected by CVE-2026-12822 due to a vulnerability in the Bundle URL Loader component leading to local code injection. The attack requires local access; the exact vulnerable function is unspecified. Vendor did not respond to disclosure. CVSS data indicate a M...

CVE-2026-12822

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...