CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

CVE-2026-6853 OTP Bypass in Başbelen Group's Pause+ Mobile App

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5...

CVE-2026-9271 KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS

Vulnerability Title...

WordPress WP Maps plugin < 4.9.3 - Subscriber+ Local File Inclusion vulnerability

Subscriber+ Local File Inclusion vulnerability discovered by Mustafa Ahmed in WordPress Plugin WP Maps versions 4.9.3...

WordPress WP Photo Album Plus plugin < 9.1.11.001 - Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability

Unauthenticated SQL Injection via 'wppa-supersearch' Parameter vulnerability discovered by Daniel Púa - devploit in WordPress Plugin WP Photo Album Plus versions 9.1.11.001...

Joern 4.0.556

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7392-4)

"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7392-4 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-21534 CVE-2024-21534 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2024-21534 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

Exploit for CVE-2026-52885

TOCTOU: HMAC Checks Disk, Executes from Memory Notepad++ v8...

CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

ROS-20260609-73-0014

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2483 more potentially affected by CVE-2026-46340 via io.netty:netty-transport-sctp (>=4.0.0.Beta1 <=4.1.134.Final)

io.netty:netty-transport-sctp MAVEN version =4.0.0.Beta1, =0.0.86, =0.0.86, =0.0.86, =3.30.1.1, =3.10.0.5, =0.2.3.5, =0.0.1, =2.0.24, =1.1.9, =0.3.36, =0.3.39 and more Source cves: CVE-2026-46340 Source advisory: OSV:GHSA-5XRH-QMMQ-W6CH...

PT-2026-47371

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.12-1.1 Description An issue exists in the hfsplus file system where the hfsplus fill super function calls hfs find init to initialize a search structure, which acquires tree-tree lock. If a subsequent call to...

CVE-2026-21035

Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information...

CVE-2026-34527

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...

CVE-2026-6379

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks...

CVE-2025-14773

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14772

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14771

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...