CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

CVE-2026-9039 Initialization of a resource with an insecure default in XCharge C6

A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default...

Taiko AG1000-01A SMS Alert Gateway 信任管理问题漏洞

The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an access control flaw in the Account Resources user lookup endpoint. It allows remote authenticated users who have at least one...

EUVD-2026-30107

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

PT-2026-38459

Name of the Vulnerable Software and Affected Versions Yarbo firmware version 2.3.9 Description The firmware contains hardcoded administrative credentials embedded in the image. These credentials are identical across all devices and cannot be modified or removed by end users, allowing unauthorized...

Cisco Adaptive Security Appliance (ASA) Software TCP Flood DoS (cisco-sa-asa-dos-FCvLD6vR)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability. - A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP S...

Belden Hirschmann HiEOS LRS11 安全漏洞

Belden Hirschmann HiEOS LRS11 is an industrial Ethernet switch operating system platform developed by the American company Belden. Versions of Belden Hirschmann HiEOS LRS11 prior to 01.1.00 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of authentication ...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...

EUVD-2026-15278

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996macwritetxwi80211 Check frame length before accessing the mgmt fields in mt7996macwritetxwi80211 in order to avoid a possible oob access...

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E V02.03.01.26cn version contains a security vulnerability. This vulnerability stems from improper access control, which may allow unverified attackers to download configuration files containing plaintext...

Improper Handling of Insufficient Permissions or Privileges

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...

Improper Handling of Insufficient Permissions or Privileges

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...

CVE-2026-20082

A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new,...

CVE-2026-20082

The CVE-2026-20082 entry describes a vulnerability in Cisco Secure Firewall ASA software related to embryonic TCP connection handling under SYN flood conditions. An unauthenticated remote attacker can send crafted traffic to the device, causing incorrect dropping of incoming TCP SYNs destined to ...

Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability

A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new,...

CVE-2025-57784

CVE-2025-57784 refers to a Tomahawk authentication timing attack in the Hiawatha webserver (version 11.7) caused by the use of strcmp in the admin handling path, which could enable a local attacker to access the management client. The Red Hat and CVE records corroborate the issue as a local-timin...